CVE-2019-10201 - OpenCVE

It was found that Keycloak's SAML broker, versions up to 6.0.1, did not verify missing message signatures. If an attacker modifies the SAML Response and removes the <Signature> sections, the message is still accepted, and the message can be modified. An attacker could use this flaw to impersonate other users and gain access to sensitive information.

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact None

User Interaction None

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact None

AV:N/AC:L/Au:S/C:P/I:P/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Redhat	Keycloak Single Sign-on

Configuration 1 [-]

OR	cpe:2.3:a:redhat:keycloak::::::::
	cpe:2.3:a:redhat:single_sign-on:7.0:::::::*
	cpe:2.3:a:redhat:single_sign-on:7.3.3:::::::*

References

Link	Resource
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10201	Issue Tracking Mitigation Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: redhat

Published: 2019-08-14T16:09:39

Updated: 2019-08-14T16:09:38

Reserved: 2019-03-27T00:00:00

Link: CVE-2019-10201

JSON object: View

NVD Information

Status : Analyzed

Published: 2019-08-14T17:15:11.143

Modified: 2020-10-02T14:11:44.567

Link: CVE-2019-10201

JSON object: View

Redhat Information

No data.

CWE

{"containers": {"cna": {"affected": [{"product": "keycloak", "vendor": "Red Hat ", "versions": [{"status": "affected", "version": "up to keycloak 6.0.1"}]}], "descriptions": [{"lang": "en", "value": "It was found that Keycloak's SAML broker, versions up to 6.0.1, did not verify missing message signatures. If an attacker modifies the SAML Response and removes the <Signature> sections, the message is still accepted, and the message can be modified. An attacker could use this flaw to impersonate other users and gain access to sensitive information."}], "metrics": [{"cvssV3_0": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "version": "3.0"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-592", "description": "CWE-592", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2019-08-14T16:09:38", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10201"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert@redhat.com", "ID": "CVE-2019-10201", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "keycloak", "version": {"version_data": [{"version_value": "up to keycloak 6.0.1"}]}}]}, "vendor_name": "Red Hat "}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "It was found that Keycloak's SAML broker, versions up to 6.0.1, did not verify missing message signatures. If an attacker modifies the SAML Response and removes the <Signature> sections, the message is still accepted, and the message can be modified. An attacker could use this flaw to impersonate other users and gain access to sensitive information."}]}, "impact": {"cvss": [[{"vectorString": "8.1/CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "version": "3.0"}]]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-592"}]}]}, "references": {"reference_data": [{"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10201", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10201"}]}}}}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2019-10201", "datePublished": "2019-08-14T16:09:39", "dateReserved": "2019-03-27T00:00:00", "dateUpdated": "2019-08-14T16:09:38", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:redhat:keycloak:*:*:*:*:*:*:*:*", "matchCriteriaId": "B4169303-407C-4964-8A5E-D34AC060239A", "versionEndIncluding": "6.0.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:single_sign-on:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "9EFEC7CA-8DDA-48A6-A7B6-1F1D14792890", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:single_sign-on:7.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "5463868E-60F5-4E8F-AC8F-82AA4088E1FB", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "It was found that Keycloak's SAML broker, versions up to 6.0.1, did not verify missing message signatures. If an attacker modifies the SAML Response and removes the <Signature> sections, the message is still accepted, and the message can be modified. An attacker could use this flaw to impersonate other users and gain access to sensitive information."}, {"lang": "es", "value": "Se detect\u00f3 que el broker SAML de Keycloak, versiones hasta 6.0.1, no comprobaba la falta de firmas de mensajes. Si un atacante modifica la Respuesta SAML y elimina las secciones (Signature), el mensaje sigue siendo aceptado y el mensaje puede ser modificado. Un atacante podr\u00eda utilizar este fallo para hacerse pasar por otros usuarios y obtener acceso a informaci\u00f3n confidencial."}], "id": "CVE-2019-10201", "lastModified": "2020-10-02T14:11:44.567", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 5.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 5.2, "source": "secalert@redhat.com", "type": "Secondary"}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-08-14T17:15:11.143", "references": [{"source": "secalert@redhat.com", "tags": ["Issue Tracking", "Mitigation", "Vendor Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10201"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-347"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-592"}], "source": "secalert@redhat.com", "type": "Secondary"}]}