Bug 1728609 (CVE-2019-10201)
Field | Value
---|---
Summary | CVE-2019-10201 keycloak: SAML broker does not check existence of signature on document allowing any user impersonation
Product | [Other] Security Response
Reporter | Marian Rehak <mrehak>
Component | vulnerability
Assignee | Red Hat Product Security <security-response-team>
Status | CLOSED ERRATA
Severity | high
Priority | high
Version | unspecified
CC | aileenc, avibelli, bgeorges, cbyrne, chazlett, cmacedo, cmoulliard, dffrench, dkreling, drieden, drusso, ggaughan, ikanello, janstey, jbalunas, jmadigan, jochrist, jpadman, jpallich, jshepherd, jwon, krathod, lthon, mszynkie, ngough, pdrozd, pgallagh, pjindal, pwright, rruss, security-response-team, sthorger, trepel, trogers
Target Milestone | ---
Keywords | Security
Target Release | ---
Hardware | All
OS | Linux
Fixed In Version | keycloak 7.0.0
Doc Type | If docs needed, set a value
Doc Text | It was found that Keycloak's SAML broker did not check that message signatures were present. If an attacker modifies the SAML Response and removes the `<Signature>` sections, the message is still accepted and can be modified. An attacker could use this flaw to impersonate other users and gain access to sensitive information.
Story Points | ---
Last Closed | 2019-08-13 20:47:07 UTC
Type | ---
Regression | ---
Mount Type | ---
Documentation | ---
Category | ---
oVirt Team | ---
Cloudforms Team | ---
Bug Blocks | 1728611
Description

Marian Rehak, 2019-07-10 09:13:26 UTC

Mitigation: Administrator can prevent this issue for POST binding by requiring signed assertions.

Red Hat Mobile Application Platform does not make use of SAML identity brokering.

This issue has been addressed in the following products:

Red Hat Single Sign-On 7.3.3 zip

Via RHSA-2019:2483 https://access.redhat.com/errata/RHSA-2019:2483

This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2019-10201

This issue has been addressed in the following products:

Red Hat Openshift Application Runtimes

Via RHSA-2020:2067 https://access.redhat.com/errata/RHSA-2020:2067

This issue has been addressed in the following products:

Red Hat Runtimes Spring Boot 2.1.12

Via RHSA-2020:2366 https://access.redhat.com/errata/RHSA-2020:2366
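The Doc Text and the mitigation above describe a signature-presence defect: a broker that verifies a `<Signature>` only when one happens to be present will accept a Response from which the signature elements were removed. The Python below is an added illustration of the fail-closed check, not Keycloak's code. It places the weak pattern beside a hardened validator that rejects a Response with no signature on either the Response or its Assertions and, when the "require signed assertions" policy from the mitigation is switched on, rejects any Assertion lacking its own signature. Cryptographic XML-DSig verification is delegated to a caller-supplied callback; the `sample_verify` placeholder, the `build_response` message builder and the constructed Response messages are assumptions of this example, not anything from the bug report.

```python
"""Fail-closed SAML signature-presence check (added example, not Keycloak code).

Models the defect class in CVE-2019-10201: verifying a <ds:Signature> only
when one is present lets a Response with stripped signatures through.
The hardened validator treats a missing signature as a hard failure.
Real XML-DSig verification (canonicalisation, reference URI check, pinned
IdP certificate) is out of scope and delegated to a callback; a production
broker should also parse untrusted XML with a hardened parser such as defusedxml.
"""
import xml.etree.ElementTree as ET
from typing import Callable, Optional, Tuple

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}
DS_SIGNATURE = "{%s}Signature" % NS["ds"]
SAMLP_RESPONSE = "{%s}Response" % NS["samlp"]

Verifier = Callable[[ET.Element, ET.Element], bool]

# Constructed signature block used in the sample messages (not a real signature).
_SIG = (
    '<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">'
    "<ds:SignedInfo/><ds:SignatureValue>Y29uc3RydWN0ZWQ=</ds:SignatureValue>"
    "</ds:Signature>"
)


def build_response(response_signed: bool, assertion_signed: bool) -> bytes:
    """Build a constructed SAML Response (sample input, not an IdP message)."""
    return (
        '<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
        'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_resp1">'
        + (_SIG if response_signed else "")
        + '<saml:Assertion ID="_a1">'
        + (_SIG if assertion_signed else "")
        + "<saml:Subject><saml:NameID>alice</saml:NameID></saml:Subject>"
        + "</saml:Assertion></samlp:Response>"
    ).encode()


def sample_verify(signed_element: ET.Element, signature: ET.Element) -> bool:
    """Placeholder verifier (assumption of this example): only checks that a
    non-empty SignatureValue exists. Replace with real XML-DSig verification."""
    value = signature.find("ds:SignatureValue", NS)
    return value is not None and bool((value.text or "").strip())


def _direct_signature(element: ET.Element) -> Optional[ET.Element]:
    """Return the <ds:Signature> that is a direct child of element, or None.
    Only a direct child signs this element; deeper ones sign something else."""
    for child in element:
        if child.tag == DS_SIGNATURE:
            return child
    return None


def validate_response_weak(xml_bytes: bytes, verify: Verifier) -> Tuple[bool, str]:
    """The vulnerable pattern: verify a signature only if one is present, so a
    Response with its <Signature> removed is accepted unchecked."""
    root = ET.fromstring(xml_bytes)
    sig = _direct_signature(root)
    if sig is not None and not verify(root, sig):
        return False, "response signature invalid"
    return True, "accepted"


def validate_response(
    xml_bytes: bytes, verify: Verifier, require_signed_assertions: bool = False
) -> Tuple[bool, str]:
    """Hardened check: absence of a signature is a failure, never a pass.
    Either the Response or every Assertion must carry a valid signature; with
    require_signed_assertions (the mitigation's policy) every Assertion must."""
    try:
        root = ET.fromstring(xml_bytes)
    except ET.ParseError as exc:
        return False, "malformed XML: %s" % exc
    if root.tag != SAMLP_RESPONSE:
        return False, "not a samlp:Response"
    resp_sig = _direct_signature(root)
    if resp_sig is not None and not verify(root, resp_sig):
        return False, "response signature invalid"
    resp_signed = resp_sig is not None
    assertions = root.findall("saml:Assertion", NS)
    for assertion in assertions:
        a_sig = _direct_signature(assertion)
        if a_sig is None:
            if require_signed_assertions:
                return False, "assertion lacks a signature (signed assertions required)"
            if not resp_signed:
                return False, "neither the response nor the assertion is signed"
        elif not verify(assertion, a_sig):
            return False, "assertion signature invalid"
    if not assertions and not resp_signed:
        return False, "unsigned response with no assertions"
    return True, "accepted"


if __name__ == "__main__":
    stripped = build_response(False, False)
    print("weak    :", validate_response_weak(stripped, sample_verify))
    print("hardened:", validate_response(stripped, sample_verify))
    print("policy  :", validate_response(build_response(True, False), sample_verify, True))
```

Running the block shows the stripped message accepted by the weak path and rejected by the hardened one, and the policy line shows that a Response signed only at the Response level is rejected once signed assertions are required.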