CVE-2019-10201

Impact: Important
Public Date: 2019-08-13
CWE: CWE-592
Bugzilla: 1728609: CVE-2019-10201 keycloak: SAML broker does not check existence of signature on document allowing any user impersonation

It was found that Keycloak's SAML broker did not check that a signature was present on an incoming SAML message before accepting it: signatures that were present were verified, but a message with no signature at all was not rejected. If an attacker removes the <Signature> elements from a SAML Response, the message is still accepted, and its contents (for example the asserted subject) can then be modified at will. An attacker could use this flaw to impersonate other users and gain access to sensitive information.
Find out more about CVE-2019-10201 from the MITRE CVE dictionary and NIST NVD.
NOTE: The following CVSS v3 metrics and score provided are preliminary and subject to review.

Metric | Value
---|---
CVSS3 Base Score | 8.1
CVSS3 Base Metrics | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Attack Vector | Network
Attack Complexity | Low
Privileges Required | Low
User Interaction | None
Scope | Unchanged
Confidentiality Impact | High
Integrity Impact | High
Availability Impact | None
Platform | Package | State
---|---|---
Red Hat Single Sign-On 7 | keycloak | Affected |
Red Hat OpenShift Application Runtimes 1.0 | springboot | Under investigation |
Red Hat OpenShift Application Runtimes 1.0 | swarm | Under investigation |
Red Hat Mobile Application Platform On-Premise 4 | keycloak | Not affected |
Red Hat JBoss Fuse 7 | keycloak | Under investigation |
Mitigation: Administrators can prevent this issue for the POST binding by configuring the SAML identity provider in Keycloak to require signed assertions, so that a Response whose assertion carries no signature is rejected instead of being accepted unverified.
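The following Python is an added illustration of the flaw described above and of the mitigation; it is not Keycloak's code and does not come from this advisory. It contrasts the vulnerable pattern (verify whatever signatures happen to be present) with a broker that treats a required-but-missing signature as a failure. The SAML Response, the subject names and the `placeholder_verify` function are constructed for the example: `placeholder_verify` only checks the structure of a Signature element (non-empty SignatureValue, Reference pointing at the enveloping element) and stands in for the full XML-DSig verification of key, canonicalization and digests that a real broker must perform.

```python
import xml.etree.ElementTree as ET

# Namespaces used by a SAML 2.0 Response and its XML-DSig signature.
NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}
for _prefix, _uri in NS.items():
    ET.register_namespace(_prefix, _uri)  # keep prefixes stable when re-serialising

SIG_TAG = "{%s}Signature" % NS["ds"]

# Constructed sample (not a real IdP capture): one assertion for "alice" with an
# enveloped Signature whose SignatureValue is a placeholder, not real crypto.
SIGNED_RESPONSE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
    ID="_resp1" Version="2.0" IssueInstant="2019-08-13T00:00:00Z">
  <saml:Issuer>https://idp.example.test</saml:Issuer>
  <samlp:Status><samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/></samlp:Status>
  <saml:Assertion ID="_a1" Version="2.0" IssueInstant="2019-08-13T00:00:00Z">
    <saml:Issuer>https://idp.example.test</saml:Issuer>
    <ds:Signature>
      <ds:SignedInfo><ds:Reference URI="#_a1"/></ds:SignedInfo>
      <ds:SignatureValue>cGxhY2Vob2xkZXItc2lnbmF0dXJl</ds:SignatureValue>
    </ds:Signature>
    <saml:Subject><saml:NameID>alice</saml:NameID></saml:Subject>
  </saml:Assertion>
</samlp:Response>"""


def strip_signatures(xml_text):
    """Attacker step: drop every ds:Signature element from the message."""
    root = ET.fromstring(xml_text)
    for parent in list(root.iter()):          # snapshot before mutating
        for child in list(parent):
            if child.tag == SIG_TAG:
                parent.remove(child)
    return ET.tostring(root, encoding="unicode")


def set_name_id(xml_text, name_id):
    """Attacker step: rewrite the asserted subject (only safe once unsigned)."""
    root = ET.fromstring(xml_text)
    root.find(".//saml:NameID", NS).text = name_id
    return ET.tostring(root, encoding="unicode")


def placeholder_verify(signature, signed_element):
    """Assumption: stand-in for XML-DSig verification. Accepts a Signature only
    if it has a non-empty SignatureValue and its Reference URI points at the
    element it is enveloped in. A real broker must also check the key,
    canonicalization and reference digests."""
    ref = signature.find("ds:SignedInfo/ds:Reference", NS)
    val = signature.find("ds:SignatureValue", NS)
    return (ref is not None and val is not None
            and (val.text or "").strip() != ""
            and ref.get("URI") == "#" + signed_element.get("ID", ""))


def broker_login_weak(xml_text, verify=placeholder_verify):
    """Vulnerable pattern (the flaw in CVE-2019-10201): every Signature that is
    present is verified, but nothing asks whether one was required, so a
    Response with all Signature elements removed is accepted as-is."""
    root = ET.fromstring(xml_text)
    for elem in root.iter():
        sig = elem.find("ds:Signature", NS)
        if sig is not None and not verify(sig, elem):
            return None
    return root.findtext(".//saml:NameID", namespaces=NS)


def broker_login_strict(xml_text, verify=placeholder_verify,
                        want_assertions_signed=True, want_response_signed=False):
    """Hardened pattern: a signature that the policy requires must exist, and
    a missing one is a rejection, not a pass. Mirrors "require signed
    assertions" from the mitigation; the flag names are this example's own."""
    if not (want_assertions_signed or want_response_signed):
        raise ValueError("at least one of the Response or its assertions must be required to be signed")
    root = ET.fromstring(xml_text)
    assertions = root.findall("saml:Assertion", NS)
    if not assertions:
        return None
    if want_response_signed:
        sig = root.find("ds:Signature", NS)
        if sig is None or not verify(sig, root):
            return None
    for assertion in assertions:
        sig = assertion.find("ds:Signature", NS)
        if want_assertions_signed and sig is None:
            return None                        # the check the broker was missing
        if sig is not None and not verify(sig, assertion):
            return None
    return root.findtext(".//saml:NameID", namespaces=NS)


if __name__ == "__main__":
    forged = set_name_id(strip_signatures(SIGNED_RESPONSE), "admin")
    print("weak broker, forged response  ->", broker_login_weak(forged))
    print("strict broker, forged response ->", broker_login_strict(forged))
```

Running the block shows the weak broker logging the stripped, rewritten message in as "admin" while the strict broker rejects it. Note that requiring a signature on the assertion does not by itself protect against moving or re-pointing a signature; the Reference check in the verifier, and in practice full XML-DSig validation, covers that.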