Miggo Logo

CVE-2022-23505: Authentication Bypass for passport-wsfed-saml2

5.3

CVSS Score
3.1

Basic Information

EPSS Score
0.17038%
Published
12/13/2022
Updated
1/31/2023
KEV Status
No
Technology
TechnologyJavaScript

Technical Details

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Package NameEcosystemVulnerable VersionsFirst Patched Version
passport-wsfed-saml2npm< 4.6.34.6.3

Vulnerability Intelligence
Miggo AIMiggo AI

Miggo AIRoot Cause Analysis

The vulnerability stems from improper assertion validation in WS-Fed token processing. The GitHub PR #179 shows the fix adds a check for exactly one Assertion element. Prior to 4.6.3, the library would process the first assertion without validating the count, enabling bypass if an attacker provided multiple assertions. The file path and vulnerability pattern match the CWE-287 (Improper Authentication) description, and the patch directly addresses this by adding assertion count validation.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

# Ov*rvi*w * r*mot* *tt**k*r **n *yp*ss WS*** *ut**nti**tion on * w**sit* usin* p*ssport-ws***-s*ml*. * su***ss*ul *tt**k r*quir*s t**t t** *tt**k*r is in poss*ssion o* *n *r*itr*ry I*P si*n** WS*** *ss*rtion. **p*n*in* on t** I*P us**, *ully un*ut**

Reasoning

T** vuln*r**ility st*ms *rom improp*r *ss*rtion v*li**tion in WS-*** tok*n pro**ssin*. T** *it*u* PR #*** s*ows t** *ix ***s * ****k *or *x**tly on* *ss*rtion *l*m*nt. Prior to *.*.*, t** li*r*ry woul* pro**ss t** *irst *ss*rtion wit*out v*li**tin* t