psPAS PowerShell Module TLS Downgrade Vulnerability in SAML Authentication
Vulnerability
A vulnerability exists in the psPAS PowerShell module, specifically in versions 6.4.85 prior to 7.0.209. The issue arises because the module's 'Get-PASSAMLResponse' function does not enforce the use of TLS 1.2 during the SAML authentication process. This lack of enforcement allows an unauthenticated attacker to intercept the TLS handshake and downgrade the protocol to a less secure version. The vulnerability has been addressed in version 7.0.209.
Impact
Exploitation of this vulnerability could lead to a Man-in-the-Middle attack, where an attacker downgrades the TLS protocol to a deprecated version, potentially allowing for interception and manipulation of data.
Reproduction
The vulnerability can be reproduced by using the 'Get-PASSAMLResponse' function without specifying a SAML response parameter. This will trigger the function to initiate a SAML authentication process that lacks the necessary TLS 1.2 enforcement. An attacker can then intercept the TLS handshake and downgrade the protocol.
Remediation
Users can upgrade to psPAS version 7.0.209 or later, where this vulnerability has been fixed.
Vulnerability Rating
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.