[CVE-2012-6426] LemonLDAP-NG SAML XML Signature Wrapping

Posted on Sun 17 March 2013 in Advisory

Summary

LemonLDAP-NG <=1.2.2 is prone to a security vulnerability involving XML signature wrapping in authentication process.

Successful exploits may allow unauthenticated attackers to construct specially crafted messages that can be successfully verified and contain arbitrary content.

This may lead to authentication bypass.

Details

Due to a bad use of Lasso library, SAML signatures are never checked, even if SP forces signature check.

CVSS Version 2 Metrics

  • Access Vector: Network exploitable
  • Access Complexity: Low
  • Authentication: Not required to exploit
  • Impact Type:Allows unauthorized disclosure of information; Allows unauthorized modification

Disclosure Timeline

  • 2012-11-08 Vendor contacted
  • 2012-12-18 Vendor: fixed issue in svn r2698
  • 2012-12-19 CVE-2012-6426 assigned
  • 2012-12-20 Public advisory
  • 2012-12-21 EoW

References

http://jira.ow2.org/browse/LEMONLDAP-570

vulnerability advisory lemonldap