passport-wsfed-saml2 3.0.7 vulnerabilities

Known vulnerabilities in the passport-wsfed-saml2 package. This does not include vulnerabilities belonging to this package’s dependencies.

Vulnerability	Vulnerable Version
C Improper Authentication passport-wsfed-saml2 is a SAML2 Protocol and WS-Fed library. Affected versions of this package are vulnerable to Improper Authentication via the `SAMLResponse` handling process. An attacker can impersonate any user during the authentication process by crafting a `SAMLResponse` using a valid SAML object that was signed by the configured IdP. Note: This is only exploitable if the following conditions are met: Your service provider uses `passport-wsfed-saml2`. A valid SAML Response, signed by the Identity Provider, can be obtained. How to fix Improper Authentication? Upgrade `passport-wsfed-saml2` to version 4.6.4 or higher.	>=3.0.5 <4.6.4
H User Impersonation passport-wsfed-saml2 is a SAML2 Protocol and WS-Fed library. Affected versions of this package are vulnerable to User Impersonation via attribute smuggling in the SAML response. An attacker can impersonate any user during SAML authentication by tampering with a valid SAML response and adding attributes to it. Note: This is only exploitable if the following conditions are met: Your service provider uses `passport-wsfed-saml2`; A valid SAML Response, signed by the Identity Provider, can be obtained. How to fix User Impersonation? Upgrade `passport-wsfed-saml2` to version 4.6.4 or higher.	>=3.0.5 <4.6.4
M Improper Control of Document Type Definition passport-wsfed-saml2 is a SAML2 Protocol and WS-Fed library. Affected versions of this package are vulnerable to Improper Control of Document Type Definition due to improper validation of a SAML signature tag, which leads to a signature relocation attack where the attacker can corrupt one field of data while maintaining the signature valid. This could allow an authenticated attacker to "remove" one group from the assertion or corrupt another field. How to fix Improper Control of Document Type Definition? Upgrade `passport-wsfed-saml2` to version 3.0.10 or higher.	<3.0.10
M Access Restriction Bypass passport-wsfed-saml2 is a SAML2 Protocol and WS-Fed library. Affected versions of this package are vulnerable to Access Restriction Bypass when a remote attacker can bypass WSFed authentication on a website. A successful attack requires that the attacker has an arbitrary IDP-signed assertion. NOTE Depending on the IDP used, fully unauthenticated attacks (e.g, without access to a valid user) might also be feasible if the generation of a signed message can be triggered. How to fix Access Restriction Bypass? Upgrade `passport-wsfed-saml2` to version 4.6.3 or higher.	>=0.1.0 <4.6.3

Vulnerability

Vulnerable Version

Improper Authentication

passport-wsfed-saml2 is a SAML2 Protocol and WS-Fed library.

Affected versions of this package are vulnerable to Improper Authentication via the SAMLResponse handling process. An attacker can impersonate any user during the authentication process by crafting a SAMLResponse using a valid SAML object that was signed by the configured IdP.

Note:

This is only exploitable if the following conditions are met:

Your service provider uses passport-wsfed-saml2.
A valid SAML Response, signed by the Identity Provider, can be obtained.

How to fix Improper Authentication?

Upgrade passport-wsfed-saml2 to version 4.6.4 or higher.

>=3.0.5 <4.6.4

User Impersonation

passport-wsfed-saml2 is a SAML2 Protocol and WS-Fed library.

Affected versions of this package are vulnerable to User Impersonation via attribute smuggling in the SAML response. An attacker can impersonate any user during SAML authentication by tampering with a valid SAML response and adding attributes to it.

Note:

This is only exploitable if the following conditions are met:

Your service provider uses passport-wsfed-saml2;
A valid SAML Response, signed by the Identity Provider, can be obtained.

How to fix User Impersonation?

Upgrade passport-wsfed-saml2 to version 4.6.4 or higher.

>=3.0.5 <4.6.4

Improper Control of Document Type Definition

passport-wsfed-saml2 is a SAML2 Protocol and WS-Fed library.

Affected versions of this package are vulnerable to Improper Control of Document Type Definition due to improper validation of a SAML signature tag, which leads to a signature relocation attack where the attacker can corrupt one field of data while maintaining the signature valid. This could allow an authenticated attacker to "remove" one group from the assertion or corrupt another field.

How to fix Improper Control of Document Type Definition?

Upgrade passport-wsfed-saml2 to version 3.0.10 or higher.

<3.0.10

Access Restriction Bypass

passport-wsfed-saml2 is a SAML2 Protocol and WS-Fed library.

Affected versions of this package are vulnerable to Access Restriction Bypass when a remote attacker can bypass WSFed authentication on a website. A successful attack requires that the attacker has an arbitrary IDP-signed assertion.

NOTE Depending on the IDP used, fully unauthenticated attacks (e.g, without access to a valid user) might also be feasible if the generation of a signed message can be triggered.

How to fix Access Restriction Bypass?

Upgrade passport-wsfed-saml2 to version 4.6.3 or higher.

>=0.1.0 <4.6.3

passport-wsfed-saml2@3.0.7 vulnerabilities

SAML2 Protocol and WS-Fed library

latest version

latest non vulnerable version

first published

latest version published

licenses detected

Direct Vulnerabilities

How to fix?