#VU28464 Improper Verification of Cryptographic Signature in Spring Security - CVE-2020-5407


Published: June 1, 2020


Vulnerability identifier: #VU28464
Vulnerability risk: Medium
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2020-5407
CWE-ID: CWE-347
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vulnerable software: Spring Security
Software vendor: VMware, Inc

Description

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists due to a signature wrapping issue during SAML response validation when using the "spring-security-saml2-service-provider" component. A remote authenticated attacker can carefully modify an otherwise valid SAML response and append an arbitrary assertion that Spring Security will accept as valid.
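A structural check a service provider can apply to bind the signature's Reference to the assertion it actually consumes, added here as an illustrative example in Python; it is not Spring Security's code, the namespaces are the standard SAML 2.0 and XML-DSig ones, the sample messages are constructed, and cryptographic verification of SignatureValue is assumed to happen separately:

```python
import xml.etree.ElementTree as ET

NS = {"saml2p": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml2": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}


def select_signed_assertion(response_xml: str) -> ET.Element:
    """Return the one Assertion the enveloped signature is bound to, or raise.
    Checking SignatureValue cryptographically is left to a real XML-DSig library;
    this structural check binds the verified ds:Reference to the element consumed."""
    root = ET.fromstring(response_xml)
    assertions = root.findall("saml2:Assertion", NS)
    # A wrapped response carries the original signed Assertion plus an injected
    # one; refuse anything other than exactly one.
    if len(assertions) != 1:
        raise ValueError(f"expected exactly one Assertion, found {len(assertions)}")
    assertion = assertions[0]
    # The Signature must be a direct child of the Assertion it protects, and its
    # single Reference must name that Assertion's own ID.
    sig = assertion.find("ds:Signature", NS)
    if sig is None:
        raise ValueError("Assertion is not signed")
    refs = sig.findall("ds:SignedInfo/ds:Reference", NS)
    if len(refs) != 1 or refs[0].get("URI") != "#" + assertion.get("ID", ""):
        raise ValueError("signature Reference does not cover the consumed Assertion")
    return assertion


def accepted_subject(response_xml: str):
    """NameID of the bound Assertion, or None when the response is rejected."""
    try:
        assertion = select_signed_assertion(response_xml)
    except ValueError:
        return None
    return assertion.findtext("saml2:Subject/saml2:NameID", namespaces=NS)


# Constructed sample messages (SignatureValue omitted; only structure matters here).
GOOD = """<saml2p:Response xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol"
  xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion"
  xmlns:ds="http://www.w3.org/2000/09/xmldsig#" ID="_r1">
  <saml2:Assertion ID="_a1">
    <ds:Signature><ds:SignedInfo><ds:Reference URI="#_a1"/></ds:SignedInfo></ds:Signature>
    <saml2:Subject><saml2:NameID>alice</saml2:NameID></saml2:Subject>
  </saml2:Assertion>
</saml2p:Response>"""
# The same response with an unsigned second Assertion appended, as the advisory describes.
WRAPPED = GOOD.replace("</saml2p:Response>", '<saml2:Assertion ID="_a2"><saml2:Subject>'
    "<saml2:NameID>bob</saml2:NameID></saml2:Subject></saml2:Assertion></saml2p:Response>")
```

The point is to select the assertion by the ID the verified Reference names and reject any surplus, rather than trusting whichever Assertion element the parser returns first.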


Remediation

Install updates from the vendor's website.

External links