SAML Consumer Service KeyInfo RetrievalMethod SSRF
Summary#
Invicti detected that the target application is vulnerable to a [Possible] SAML Consumer Service KeyInfo RetrievalMethod SSRF by capturing a DNS request that was made to {SSRFRESPONDER} but was unable to confirm the vulnerability.
The web application uses SAML. The web application's SAML Consumer Service allows KeyInfo referencing to remote servers/local files (using RetrievalMethod). An unauthenticated attacker may be able to use it in order to read arbitrary files on the server or send requests to other servers (SSRF).
Impact#
An attacker can send arbitrary HTTP Get requests to internal servers or read local files.
Remediation#
Disable dereferencing in KeyInfo RetrievalMethod.
Classifications#
Vulnerability Index
You can search and find all vulnerabilities
Select Category
OR
Search Vulnerability
Related Vulnerabilities
