XML Signature Wrapping (XSW) in SAML-based Single Sign-on feature in TOPdesk v12.10.12 allows bad actors with credentials to authenticate with the Identity Provider (IP) to impersonate any TOPdesk user via SAML Response manipulation.
References
Link | Resource |
---|---|
https://char49.com/articles/topdesk-vulnerable-to-xml-signature-wrapping-attacks | Exploit Technical Description Third Party Advisory |
https://my.topdesk.com/tas/public/ssp/content/detail/knowledgeitem?unid=56a16ba1c2824e9a82655892ba75d3c0 | Permissions Required |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2023-06-22T00:00:00
Updated: 2023-06-22T00:00:00
Reserved: 2023-06-07T00:00:00
Link: CVE-2023-34923
JSON object: View
NVD Information
Status : Analyzed
Published: 2023-06-22T19:15:08.987
Modified: 2023-06-30T16:20:02.137
Link: CVE-2023-34923
JSON object: View
Redhat Information
No data.
CWE