Duo Network Gateway 1.2.9 and earlier may incorrectly utilize the results of XML DOM traversal and canonicalization APIs in such a way that an attacker may be able to manipulate the SAML data without invalidating the cryptographic signature, allowing the attack to potentially bypass authentication to SAML service providers.
References
Link | Resource |
---|---|
https://duo.com/blog/duo-finds-saml-vulnerabilities-affecting-multiple-implementations | Exploit Vendor Advisory |
https://www.kb.cert.org/vuls/id/475445 | Third Party Advisory US Government Resource |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: duo
Published: 2019-04-17T14:01:03
Updated: 2019-04-17T14:01:03
Reserved: 2018-02-22T00:00:00
Link: CVE-2018-7340
JSON object: View
NVD Information
Status : Analyzed
Published: 2019-04-17T15:29:00.640
Modified: 2020-10-02T14:44:32.147
Link: CVE-2018-7340
JSON object: View
Redhat Information
No data.