7.7

CVSS Score

3.0

Basic Information

CVE ID

CVE-2017-11429

GHSA ID

GHSA-5p5w-j3g7-w4wv

EPSS Score

0.6186%

CWE

CWE-287

Published

7/5/2019

Updated

1/9/2023

KEV Status

Technology

JavaScript

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2017-11429

CVE-2017-11429: Authentication bypass via incorrect XML canonicalization and DOM traversal in saml2-js

Versions of saml2-js prior to 1.12.4 or 2.0.2 are vulnerable to authentication bypass.

The saml2-js library may incorrectly utilize the results of XML DOM traversal and canonicalization APIs in such a way that an attacker may be able to manipulate the SAML data without invalidating the cryptographic signature, allowing the attack to potentially bypass authentication to SAML service providers.

Security Assertion Markup Language (SAML) is an XML-based markup language for security assertions regarding authentication and permissions, most commonly used for single sign-on (SSO) services.

Some XML DOM traversal and canonicalization APIs may be inconsistent in handling of comments within XML nodes. Incorrect use of these APIs by some SAML libraries results in incorrect parsing of the inner text of XML nodes such that any inner text after the comment is lost prior to cryptographically signing the SAML message. Text after the comment therefore has no impact on the signature on the SAML message.

A remote attacker can modify SAML content for a SAML service provider without invalidating the cryptographic signature, which may allow attackers to bypass primary authentication for the affected SAML service provider

Recommendation

If you use 1.x upgrade to version 1.12.4 or greater If you use 2.x upgrade to version 2.02 or greater

(GitHub Advisory)

7.7

CVSS Score

3.0

Basic Information

CVE ID

CVE-2017-11429

GHSA ID

GHSA-5p5w-j3g7-w4wv

EPSS Score

0.6186%

CWE

CWE-287

Published

7/5/2019

Updated

1/9/2023

KEV Status

Technology

JavaScript

Technical Details

CVSS Vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
saml2-js	npm	< 1.12.4	1.12.4
saml2-js	npm	>= 2.0.0, < 2.0.2	2.0.2

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability stems from improper handling of XML nodes containing comments during text extraction. While no direct patch diffs are provided, the CVE description and Duo's analysis indicate the core issue exists in functions processing SAML assertion content. The library's XML parsing logic for critical elements like NameID would be the primary location for this vulnerability, specifically where text content is extracted using methods vulnerable to comment truncation. These functions would appear in runtime profiles during SAML response processing and signature validation.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

V*rsions o* `s*ml*-js` prior to *.**.* or *.*.* *r* vuln*r**l* to *ut**nti**tion *yp*ss. T** `s*ml*-js` li*r*ry m*y in*orr**tly utiliz* t** r*sults o* XML *OM tr*v*rs*l *n* **noni**liz*tion *PIs in su** * w*y t**t *n *tt**k*r m*y ** **l* to m*nipul*

Reasoning

T** vuln*r**ility st*ms *rom improp*r **n*lin* o* XML no**s *ont*inin* *omm*nts *urin* t*xt *xtr**tion. W*il* no *ir**t p*t** *i**s *r* provi***, t** *V* **s*ription *n* *uo's *n*lysis in*i**t* t** *or* issu* *xists in *un*tions pro**ssin* S*ML *ss*r

7.7

Basic Information

Concerned about an active attack path?

CVE-2017-11429: Authentication bypass via incorrect XML canonicalization and DOM traversal in saml2-js

Recommendation

7.7

Basic Information

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability Intelligence
Miggo AI