SAML Response Without Signature

Severity: High

Summary#

Invicti detected that the target application is vulnerable to a SAML Response without a signature.

The web application uses SAML. The web application's SAML Consumer Service doesn't require SAML Response signature. An authenticated attacker may be able to use it to escalate privileges to a high privileged user or to takeover accounts of other users in the application.

Impact#

Account takeover and/or privilege escalation

Remediation#

Change the configuration of the SAML service to require a valid signature for SAML Response

Classifications#

ISO27001-A.14.2.5, OWASP 2017-A6, OWASP 2013-A5, CWE-16, WASC-15, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

SAML Response Without Signature

Related Articles

Build your resistance to threats. And save hundreds of hours each month.