5.3

CVSS Score

3.1

Basic Information

CVE ID

CVE-2022-23505

GHSA ID

GHSA-ppjq-qxhx-m25f

EPSS Score

0.17038%

CWE

CWE-287

Published

12/13/2022

Updated

1/31/2023

KEV Status

Technology

JavaScript

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2022-23505

CVE-2022-23505: Authentication Bypass for passport-wsfed-saml2

Overview

A remote attacker can bypass WSFed authentication on a website using passport-wsfed-saml2. A successful attack requires that the attacker is in possession of an arbitrary IDP signed WSFed assertion. Depending on the IDP used, fully unauthenticated attacks (e.g without access to a valid user) might also be feasible if generation of a signed message can be triggered.

Am I affected?

You are affected if you are using WSFed protocol with the passport-wsfed-saml2 library versions < 4.6.3. SAML2 protocol is not affected.

How do I fix it?

Upgrade the library to version 4.6.3.

Will the fix impact my users?

No, the fix will not impact your users.

(GitHub Advisory)

5.3

CVSS Score

3.1

Basic Information

CVE ID

CVE-2022-23505

GHSA ID

GHSA-ppjq-qxhx-m25f

EPSS Score

0.17038%

CWE

CWE-287

Published

12/13/2022

Updated

1/31/2023

KEV Status

Technology

JavaScript

Technical Details

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
passport-wsfed-saml2	npm	< 4.6.3	4.6.3

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability stems from improper assertion validation in WS-Fed token processing. The GitHub PR #179 shows the fix adds a check for exactly one Assertion element. Prior to 4.6.3, the library would process the first assertion without validating the count, enabling bypass if an attacker provided multiple assertions. The file path and vulnerability pattern match the CWE-287 (Improper Authentication) description, and the patch directly addresses this by adding assertion count validation.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

# Ov*rvi*w * r*mot* *tt**k*r **n *yp*ss WS*** *ut**nti**tion on * w**sit* usin* p*ssport-ws***-s*ml*. * su***ss*ul *tt**k r*quir*s t**t t** *tt**k*r is in poss*ssion o* *n *r*itr*ry I*P si*n** WS*** *ss*rtion. **p*n*in* on t** I*P us**, *ully un*ut**

Reasoning

T** vuln*r**ility st*ms *rom improp*r *ss*rtion v*li**tion in WS-*** tok*n pro**ssin*. T** *it*u* PR #*** s*ows t** *ix ***s * ****k *or *x**tly on* *ss*rtion *l*m*nt. Prior to *.*.*, t** li*r*ry woul* pro**ss t** *irst *ss*rtion wit*out v*li**tin* t

5.3

Basic Information

Concerned about an active attack path?

CVE-2022-23505: Authentication Bypass for passport-wsfed-saml2

Overview

Am I affected?

How do I fix it?

Will the fix impact my users?

5.3

Basic Information

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability Intelligence
Miggo AI