Rancher Manager SAML Authentication Phishing Vulnerability

Vulnerability

A phishing vulnerability has been identified in Rancher Manager's SAML authentication when using the Rancher CLI tool. This issue allows attackers to steal authentication tokens by exploiting the custom SAML authentication protocol. The vulnerability affects Rancher versions 2.9.0 prior to 2.9.12, 2.10.0 prior to 2.10.10, 2.11.0 prior to 2.11.6, and 2.12.0 prior to 2.12.2. Deployments without SAML authentication enabled are not affected.

Impact

Exploitation of this vulnerability allows for phishing attacks that can steal Rancher authentication tokens, potentially leading to unauthorized access.

Remediation

Users should update to Rancher versions 2.12.2, 2.11.6, 2.10.10, or 2.9.12, where this vulnerability has been fixed. If an immediate update is not possible, users should manually check the URL printed by the Rancher CLI during the SAML authentication process: the 'requestId' parameter in that URL must match the requestId logged by the CLI. If there is a discrepancy, do not proceed with the login, as it may be a phishing attempt.
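As an added illustration of the manual check above (not Rancher's own code, and not the CLI's actual output format), the following helper compares the requestId in a printed login URL against the one the CLI logged and also confirms the URL points at your own Rancher server over HTTPS. The host name, URL path and sample values are constructed placeholders.

```python
from urllib.parse import urlsplit, parse_qs

# Constructed sample values (assumption: the real CLI output looks different).
LOGGED_REQUEST_ID = "c0ffee-example-request-id"   # what the CLI logged
EXPECTED_RANCHER_HOST = "rancher.example.internal"  # your own Rancher server

# Constructed URLs; the path is a placeholder, only the requestId parameter
# name comes from the advisory.
PRINTED_URL_OK = (
    "https://rancher.example.internal/saml/login"
    "?requestId=c0ffee-example-request-id"
)
PRINTED_URL_MISMATCH = (
    "https://rancher.example.internal/saml/login"
    "?requestId=some-other-request-id"
)


def verify_saml_login_url(printed_url: str, logged_request_id: str,
                          expected_host: str) -> tuple[bool, str]:
    """Apply the advisory's manual check before opening the printed URL.

    The URL must use HTTPS, point at the expected Rancher host, and carry
    exactly one requestId equal to the one the CLI logged.
    Returns (safe_to_open, reason).
    """
    parts = urlsplit(printed_url)
    if parts.scheme != "https":
        return False, "scheme is not https"
    if parts.hostname != expected_host:
        return False, f"host {parts.hostname!r} is not the expected Rancher server"
    # parse_qs drops empty values, so 'requestId=' counts as missing.
    ids = parse_qs(parts.query).get("requestId", [])
    if len(ids) != 1:
        return False, "requestId missing or given more than once"
    if ids[0] != logged_request_id:
        return False, "requestId differs from the one the CLI logged: do not proceed"
    return True, "requestId matches and URL points at the expected server"


if __name__ == "__main__":
    for url in (PRINTED_URL_OK, PRINTED_URL_MISMATCH):
        ok, reason = verify_saml_login_url(url, LOGGED_REQUEST_ID,
                                           EXPECTED_RANCHER_HOST)
        print(("PROCEED" if ok else "STOP"), "-", reason)
```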

Added: Oct 2, 2025, 12:17 PM
Updated: Oct 2, 2025, 7:57 PM

Vulnerability Rating

Custom Algorithm
spread: 3.1
impact: 5.0
exploitability: 6.4
remediation: 8.3
relevance: 0.6
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.