Sitevision SAML Key Leakage Vulnerability via WebDAV Access

Vulnerability

A vulnerability in Sitevision versions through 10.3.1 allows remote attackers to access private keys used for signing SAML authentication requests. This issue arises from a Java keystore that can be downloaded via WebDAV, protected only by a weak, auto-generated password. While the vulnerability is not present by default, it commonly occurs in certain configurations.

Impact

Exploitation of this vulnerability allows an attacker to access private keys that can be used to sign SAML authentication requests, potentially leading to unauthorized access to user sessions.

Reproduction

WebDAV must be enabled on the Sitevision server. After confirming WebDAV is active, navigate to the 'files' directory where the 'saml-keystore' file is located. This keystore can be downloaded and inspected, revealing its contents, including the private key for the 'oiosaml' certificate, which is used in SAML authentication.

Remediation

Sitevision has released a patch in version 10.3.2 that addresses the vulnerability by enhancing password complexity. However, users must manually rotate passwords after upgrading to this version.
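
When triaging an affected server, a useful first question is whether the keystore was ever fetched. The script below is an added example, not code from the advisory or from Sitevision: it scans web access logs for requests touching 'saml-keystore' and separates successful downloads from mere probes. It assumes Apache/nginx combined-format access logs; the sample log lines and the /webdav/files/ path prefix are constructed placeholders.

```python
import re
from urllib.parse import unquote

KEYSTORE_NAME = "saml-keystore"  # file name given in the advisory

# Assumption: Apache/nginx "combined" access log format.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) (?P<size>\d+|-)'
)

def classify(line):
    """Return (ip, time, method, verdict) for a request touching the keystore, else None."""
    m = LINE_RE.match(line)
    if not m:
        return None
    # Decode percent-encoding so "saml%2Dkeystore" is not missed.
    path = unquote(m["path"]).lower()
    if KEYSTORE_NAME not in path:
        return None
    status = int(m["status"])
    size = 0 if m["size"] == "-" else int(m["size"])
    # A successful GET with a response body means the keystore left the server.
    if m["method"] == "GET" and 200 <= status < 300 and size > 0:
        verdict = "downloaded"
    else:
        verdict = "probed"  # HEAD, PROPFIND, or a denied/failed fetch
    return (m["ip"], m["time"], m["method"], verdict)

def find_keystore_access(lines):
    """Collect every keystore-related request from an iterable of log lines."""
    return [hit for hit in map(classify, lines) if hit]

# Constructed sample log lines; "/webdav/files/" is a placeholder path prefix.
SAMPLE_LOG = [
    '192.0.2.10 - - [09/Jun/2025:10:01:02 +0000] "PROPFIND /webdav/files/ HTTP/1.1" 207 1843 "-" "dav-client"',
    '192.0.2.10 - - [09/Jun/2025:10:01:04 +0000] "GET /webdav/files/saml-keystore HTTP/1.1" 200 2731 "-" "dav-client"',
    '198.51.100.7 - - [09/Jun/2025:11:15:40 +0000] "GET /webdav/files/saml%2Dkeystore HTTP/1.1" 401 0 "-" "curl"',
    '198.51.100.7 - - [09/Jun/2025:11:15:41 +0000] "HEAD /webdav/files/saml-keystore HTTP/1.1" 200 - "-" "curl"',
    '203.0.113.5 - - [09/Jun/2025:12:00:00 +0000] "GET /index.html HTTP/1.1" 200 5120 "-" "browser"',
]

if __name__ == "__main__":
    for ip, when, method, verdict in find_keystore_access(SAMPLE_LOG):
        print(f"{verdict:10} {method:8} {ip:15} {when}")
```

Any "downloaded" hit means the SAML signing key should be treated as exposed, regardless of the keystore password.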

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 2.2
impact: 3.1
exploitability: 9.7
remediation: 7.7
relevance: 0.0
threat: 6.4
urgency: 2.9
incentive: 10.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.