SimpleSAMLphp SAML2 Library Signature Confusion Vulnerability in HTTP-Redirect Binding

Vulnerability

A signature confusion vulnerability has been identified in the SimpleSAMLphp SAML2 library, affecting versions prior to 4.17.0 and 5.0.0-alpha.20. The issue arises in the HTTP-Redirect binding, where an attacker can use a signed SAML response to trick the application into accepting an unsigned message. Because of the way SAML requests and responses are processed and verified, this can be abused to impersonate users.

Impact

Exploitation of this vulnerability allows for a signature confusion attack, where an unsigned SAML message is accepted as valid. This could lead to impersonation of users within the service provider.

Reproduction

To reproduce this vulnerability, send a signed SAML response via the HTTP-Redirect binding and include an unsigned SAML request parameter in the same query string. The application verifies the signature of the response but accepts the unsigned request as the message to act on, so the two parameters are confused and an unsigned message is trusted.

Remediation

Users should upgrade to SimpleSAMLphp versions 4.17.0 or 5.0.0-alpha.20, where this vulnerability has been fixed.
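As an added example (not code from the SimpleSAMLphp project), the following Python shows the class of receiver defect the Reproduction section describes beside a hardened HTTP-Redirect receiver, so the Remediation can be checked locally as a regression test. It assumes a stand-in signature primitive: HMAC-SHA256 over the same query string that the real binding signs with the IdP's RSA/ECDSA key; IDP_KEY, SIG_ALG and the XML stubs are constructed values, and confused_receiver illustrates the defect pattern in general, not the library's actual code path.

```python
import base64
import hashlib
import hmac
import zlib
from urllib.parse import parse_qsl, quote, urlencode

# Constructed demo key (assumption). A real IdP signs with an RSA/ECDSA private key
# and the SP verifies with the IdP certificate; HMAC-SHA256 stands in here only so
# the example runs with the standard library.
IDP_KEY = b"constructed-demo-key"
SIG_ALG = "urn:example:hmac-sha256"  # constructed algorithm identifier (assumption)
MESSAGE_PARAMS = ("SAMLRequest", "SAMLResponse")


def deflate_b64(xml: str) -> str:
    """Encode a message as the HTTP-Redirect binding does: raw DEFLATE, then base64."""
    raw = zlib.compress(xml.encode("utf-8"))[2:-4]  # drop zlib header and adler32 trailer
    return base64.b64encode(raw).decode("ascii")


def inflate_b64(value: str) -> str:
    return zlib.decompress(base64.b64decode(value), -15).decode("utf-8")


def signed_string(param: str, value: str, relay_state, sig_alg: str) -> str:
    """Exact octets the signature covers (SAML 2.0 Bindings 3.4.4.1):
    <param>=<value>[&RelayState=<value>]&SigAlg=<value>, each URL-encoded."""
    parts = [(param, value)]
    if relay_state is not None:
        parts.append(("RelayState", relay_state))
    parts.append(("SigAlg", sig_alg))
    return urlencode(parts, quote_via=quote)


def build_signed_query(param: str, xml: str, relay_state=None) -> str:
    """Sender side: produce a signed HTTP-Redirect query string."""
    to_sign = signed_string(param, deflate_b64(xml), relay_state, SIG_ALG)
    mac = hmac.new(IDP_KEY, to_sign.encode("ascii"), hashlib.sha256).digest()
    return to_sign + "&Signature=" + quote(base64.b64encode(mac).decode("ascii"), safe="")


def _signature_ok(to_sign: str, signature_b64: str) -> bool:
    expected = hmac.new(IDP_KEY, to_sign.encode("ascii"), hashlib.sha256).digest()
    return hmac.compare_digest(expected, base64.b64decode(signature_b64))


def confused_receiver(query: str):
    """Defect pattern (illustration, not the library's code): the signature is
    checked over one message parameter, but a different parameter is the
    message actually handed to the application."""
    q = dict(parse_qsl(query, keep_blank_values=True))
    if "Signature" not in q or "SigAlg" not in q:
        return None
    # Signature check prefers SAMLResponse when present ...
    checked = "SAMLResponse" if "SAMLResponse" in q else "SAMLRequest"
    to_sign = signed_string(checked, q[checked], q.get("RelayState"), q["SigAlg"])
    if not _signature_ok(to_sign, q["Signature"]):
        return None
    # ... while the request-handling path consumes SAMLRequest first.
    consumed = "SAMLRequest" if "SAMLRequest" in q else "SAMLResponse"
    return inflate_b64(q[consumed])


def strict_receiver(query: str):
    """Hardened form: exactly one message parameter may be present, and the
    signature is verified over that same parameter before it is returned."""
    q = dict(parse_qsl(query, keep_blank_values=True))
    present = [p for p in MESSAGE_PARAMS if p in q]
    if len(present) != 1:
        return None  # both or neither present: refuse rather than guess
    param = present[0]
    if "Signature" not in q or q.get("SigAlg") != SIG_ALG:
        return None
    to_sign = signed_string(param, q[param], q.get("RelayState"), q["SigAlg"])
    if not _signature_ok(to_sign, q["Signature"]):
        return None
    return inflate_b64(q[param])


# Constructed sample messages used by the regression check below.
RESP_XML = '<samlp:Response ID="constructed-resp"/>'
REQ_XML = '<samlp:AuthnRequest ID="constructed-req"/>'


def regression_check():
    """Returns what each receiver yields for a signed response alone and for the
    same signed response with an unsigned SAMLRequest parameter appended."""
    signed = build_signed_query("SAMLResponse", RESP_XML, relay_state="state-1")
    mixed = signed + "&SAMLRequest=" + quote(deflate_b64(REQ_XML), safe="")
    return {
        "confused_signed": confused_receiver(signed),
        "strict_signed": strict_receiver(signed),
        "confused_mixed": confused_receiver(mixed),
        "strict_mixed": strict_receiver(mixed),
        "strict_tampered": strict_receiver(signed.replace("state-1", "state-2")),
    }


if __name__ == "__main__":
    for name, result in regression_check().items():
        print(f"{name}: {result!r}")
```

The property worth keeping in a test suite is the last three entries: the confused receiver returns the unsigned request, while the strict receiver returns nothing for the mixed query and for a query whose RelayState was altered after signing. Any receiver that accepts a message under the HTTP-Redirect binding should be able to state which single parameter its signature check covered.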

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 5.2
impact: 5.0
exploitability: 9.3
remediation: 7.7
relevance: 0.0
threat: 4.8
urgency: 2.9
incentive: 10.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.