SAML Consumer Service KeyInfo RetrievalMethod SSRF

Severity: Medium

Invicti detected that the target application is vulnerable to a [Possible] SAML Consumer Service KeyInfo RetrievalMethod SSRF by capturing a DNS request that was made to {SSRFRESPONDER} but was unable to confirm the vulnerability.

The web application uses SAML. Its SAML Consumer Service dereferences KeyInfo references to remote servers or local files (via the RetrievalMethod element of the XML Signature KeyInfo). An unauthenticated attacker may be able to use this to read arbitrary files on the server or to send requests to other servers (SSRF).


An attacker can send arbitrary HTTP GET requests to internal servers or read local files.


Disable dereferencing in KeyInfo RetrievalMethod.
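A consumer-side check for this finding, added here as an example and not part of the Invicti page: it inspects a SAML Response before signature verification and rejects any ds:KeyInfo that relies on a RetrievalMethod instead of embedded key material. The two SAML documents and the responder hostname are constructed placeholders.

```python
import xml.etree.ElementTree as ET

DS_NS = "http://www.w3.org/2000/09/xmldsig#"

# Constructed sample: KeyInfo carries the certificate inline (acceptable).
SAFE_RESPONSE = b"""<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
  xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
  xmlns:ds="http://www.w3.org/2000/09/xmldsig#" ID="_r1">
  <saml:Assertion ID="_a1"><ds:Signature><ds:SignedInfo/>
    <ds:SignatureValue>c2ln</ds:SignatureValue>
    <ds:KeyInfo><ds:X509Data><ds:X509Certificate>MIIB-placeholder</ds:X509Certificate>
    </ds:X509Data></ds:KeyInfo></ds:Signature></saml:Assertion></samlp:Response>"""

# Constructed sample: KeyInfo asks the consumer to fetch the key from a URI,
# which is the dereference this finding is about.
HOSTILE_RESPONSE = b"""<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
  xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
  xmlns:ds="http://www.w3.org/2000/09/xmldsig#" ID="_r2">
  <saml:Assertion ID="_a2"><ds:Signature><ds:SignedInfo/>
    <ds:SignatureValue>c2ln</ds:SignatureValue>
    <ds:KeyInfo><ds:RetrievalMethod URI="http://ssrf-responder.invalid/key"
      Type="http://www.w3.org/2000/09/xmldsig#X509Data"/></ds:KeyInfo>
  </ds:Signature></saml:Assertion></samlp:Response>"""


def keyinfo_retrieval_uris(saml_xml: bytes) -> list[str]:
    """Return the URI of every ds:RetrievalMethod found under any ds:KeyInfo.

    ElementTree's expat parser does not fetch external resources, so merely
    inspecting the document here does not perform the dereference itself.
    """
    root = ET.fromstring(saml_xml)
    uris = []
    for keyinfo in root.iter(f"{{{DS_NS}}}KeyInfo"):
        for method in keyinfo.iter(f"{{{DS_NS}}}RetrievalMethod"):
            uris.append(method.get("URI", ""))
    return uris


def keyinfo_is_acceptable(saml_xml: bytes) -> bool:
    """Policy: key material must be embedded (ds:X509Data or ds:KeyValue).

    Any RetrievalMethod is rejected, including same-document '#id' references,
    because the consumer should never dereference KeyInfo at all; the trusted
    IdP certificate should come from configured metadata, not from the message.
    """
    return not keyinfo_retrieval_uris(saml_xml)


if __name__ == "__main__":
    for name, doc in (("safe", SAFE_RESPONSE), ("hostile", HOSTILE_RESPONSE)):
        print(name, "accepted" if keyinfo_is_acceptable(doc) else "rejected")
```

Rejected messages are worth logging with the offending URI, since a RetrievalMethod pointing at an internal host or a file path is a strong indicator of an SSRF attempt against the consumer.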
