ruby-saml Authentication Bypass Vulnerability via Signature Wrapping Attack

Vulnerability

An authentication bypass vulnerability has been identified in the ruby-saml library, affecting versions prior to 1.18.0. It arises from a parser differential between ReXML and Nokogiri: the two parsers can build entirely different document structures from the same XML input. An attacker could exploit this discrepancy to carry out a Signature Wrapping attack and bypass authentication.

Impact

Exploitation of this vulnerability allows authentication bypass, granting unauthorized access to resources or functionality that require user authentication.

Reproduction

To reproduce this vulnerability, use a version of the ruby-saml library prior to 1.18.0. Create a SAML response that includes a signature and an assertion, crafted so that Nokogiri and ReXML parse it differently. When the response is processed, the parser differential is exploited, allowing a Signature Wrapping attack that bypasses authentication.

Remediation

Users can upgrade to ruby-saml version 1.18.0 or later to address this vulnerability.
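As an added defence-in-depth check, written for this page rather than taken from ruby-saml, the hypothetical helper below parses a response once with REXML and flags structural ambiguities (more than one Assertion, duplicate ID values, a Signature whose Reference does not point at its enclosing element, a DOCTYPE) before the response reaches the library; both sample responses are constructed. Upgrading remains the fix, since this check does not reproduce ruby-saml's validation logic.

```ruby
require 'rexml/document'
# Hypothetical defensive helper (added here; not ruby-saml code). It reads a SAML
# Response with one parser, REXML, and flags layouts in which a parser differential
# could let the element whose signature is checked differ from the element consumed.
def saml_structure_findings(xml)
  doc = REXML::Document.new(xml)
  findings = []
  findings << 'DOCTYPE present' if doc.doctype
  elements = []
  REXML::XPath.each(doc, '//*') { |e| elements << e }
  assertions = elements.select { |e| e.name == 'Assertion' }
  findings << "expected exactly one Assertion, found #{assertions.size}" if assertions.size != 1
  # Duplicate ID values let more than one element answer a single Reference URI.
  ids = elements.map { |e| e.attributes['ID'] }.compact
  dups = ids.group_by(&:itself).select { |_, v| v.size > 1 }.keys
  findings << "duplicate ID values: #{dups.join(', ')}" unless dups.empty?
  signatures = elements.select { |e| e.name == 'Signature' }
  findings << 'no Signature element' if signatures.empty?
  signatures.each do |sig|
    # An enveloped signature must reference the element that encloses it.
    enclosing_id = sig.parent.attributes['ID']
    REXML::XPath.each(sig, './/*') do |ref|
      next unless ref.name == 'Reference'
      uri = ref.attributes['URI'].to_s
      next if enclosing_id && uri == "##{enclosing_id}"
      findings << "Reference URI #{uri.inspect} does not match enclosing ID #{enclosing_id.inspect}"
    end
  end
  findings
end

# Constructed sample responses (no real IdP; signature values omitted for brevity).
CLEAN_RESPONSE = <<~XML
  <samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
      xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_r1">
    <saml:Assertion ID="_a1"><saml:Issuer>idp.example</saml:Issuer>
      <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:SignedInfo><ds:Reference URI="#_a1"/></ds:SignedInfo></ds:Signature>
      <saml:Subject><saml:NameID>alice</saml:NameID></saml:Subject></saml:Assertion>
  </samlp:Response>
XML
# Same document plus a second, unsigned Assertion reusing the signed one's ID.
SUSPECT_RESPONSE = CLEAN_RESPONSE.sub('</samlp:Response>',
  '<saml:Assertion ID="_a1"><saml:Subject><saml:NameID>bob</saml:NameID>' \
  '</saml:Subject></saml:Assertion></samlp:Response>')
```

An empty findings array means the layout is unambiguous; any finding is grounds to reject the response before signature validation runs.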

Added: Dec 9, 2025, 6:27 PM
Updated: Dec 10, 2025, 12:12 AM

Vulnerability Rating (Custom Algorithm)

  spread          3.1
  impact          5.0
  exploitability  8.4
  remediation     7.7
  relevance       1.3
  threat          4.8
  urgency         2.9
  incentive       5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.