User impersonation using SAMLv1.x SSO in Open Access Management

Open Access Management (OpenAM) is an access management solution that includes Authentication, SSO, Authorization, Federation, Entitlements and Web Services Security. OpenAM up to version 14.7.2 does not properly validate the signature of SAML responses received as part of the SAMLv1.x Single Sign-On process. Attackers can use this fact to impersonate any OpenAM user, including the administrator, by sending a specially crafted SAML response to the SAMLPOSTProfileServlet servlet. This problem has been patched in OpenAM 14.7.3-SNAPSHOT and later. User unable to upgrade should comment servlet `SAMLPOSTProfileServlet` from their pom file. See the linked GHSA for details.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

认证机制不恰当

OpenAM 授权问题漏洞

OpenAM是OpenAM Consortium组织的一种一体化访问管理解决方案。提供身份验证、授权、授权和联合功能。 Open Access Management(OpenAM) 14.7.2及之前版本存在授权问题漏洞，该漏洞源于无法正确验证在SAMLv1.x单点登录过程中收到的响应签名。攻击者可利用该漏洞发送特制的SAML响应来冒充任意OpenAM用户。

N/A

N/A