ID:10595 - Exploit for Improper verification of cryptographic signature in SAML SSO for Ruby - CVE-2024-45409
Published: October 11, 2024
SAML SSO for Ruby
Vulnerability description
The vulnerability allows a remote attacker to bypass SAML authentication.
The vulnerability exists because the library (ruby-saml) does not properly verify the signature of the SAML Response: the XML Signature and the element it covers are not reliably bound to the assertion the application goes on to consume. A remote, unauthenticated attacker who holds any SAML document signed by the IdP (for example a response issued for their own low-privileged account) can forge a SAML Response/Assertion with arbitrary contents, bypass the authentication process and log in as an arbitrary account within the application.
Successful exploitation of the vulnerability may allow an attacker to fully compromise the affected application. The fix shipped in ruby-saml 1.17.0 and in the 1.12.3 backport; check Gemfile.lock for ruby-saml, including copies pulled in transitively by SAML authentication gems such as omniauth-saml, and upgrade.
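The following is an added illustration, not code from ruby-saml or from the advisory. It is a toy SAML service-provider verifier in Ruby that shows the class of bug described above (signature, reference and ID lookups that are unanchored searches over the whole document, so nothing ties the element whose digest and signature were checked to the assertion the application consumes) next to a verifier that binds them. The XML-DSig handling is deliberately simplified and is an assumption of the example: the digest is taken over the element's REXML serialization with the enveloped Signature removed rather than exclusive C14N, the RSA-SHA256 signature covers a "URI\ndigest" string rather than canonicalized SignedInfo, the IdP key is generated at load time, and the Advice wrapping is one generic signature-wrapping layout. None of this reproduces the exact ruby-saml code path or the payload used against it.

```ruby
require 'rexml/document'
require 'openssl'

SAML  = 'urn:oasis:names:tc:SAML:2.0:assertion'
SAMLP = 'urn:oasis:names:tc:SAML:2.0:protocol'
DS    = 'http://www.w3.org/2000/09/xmldsig#'

# Stand-in for the IdP signing key (constructed; a real SP pins the IdP certificate).
IDP_KEY = OpenSSL::PKey::RSA.new(2048)

# Toy "canonicalization": the element's REXML serialization with its enveloped
# ds:Signature child removed. Real XML-DSig uses exclusive C14N; the toy only
# needs a byte string that is stable across parse/serialize round trips.
def canon_without_signature(elem)
  copy = elem.deep_clone
  sig = copy.elements.to_a.find { |e| e.name == 'Signature' && e.namespace == DS }
  copy.elements.delete(sig) if sig
  copy.to_s
end

def signed_info_bytes(uri, digest_b64)
  "#{uri}\n#{digest_b64}" # toy stand-in for canonicalized ds:SignedInfo (assumption)
end

# IdP side: envelope a signature in the assertion (toy format, see lead-in).
def sign_assertion(assertion_xml)
  a = REXML::Document.new(assertion_xml).root
  uri = "##{a.attributes['ID']}"
  digest_b64 = [OpenSSL::Digest::SHA256.digest(canon_without_signature(a))].pack('m0')
  sig_b64 = [IDP_KEY.sign(OpenSSL::Digest.new('SHA256'), signed_info_bytes(uri, digest_b64))].pack('m0')
  sig_xml = %(<ds:Signature xmlns:ds="#{DS}"><ds:SignedInfo><ds:Reference URI="#{uri}">) +
            %(<ds:DigestValue>#{digest_b64}</ds:DigestValue></ds:Reference></ds:SignedInfo>) +
            %(<ds:SignatureValue>#{sig_b64}</ds:SignatureValue></ds:Signature>)
  a.add_element(REXML::Document.new(sig_xml).root)
  a.to_s
end

def digest_matches?(elem, digest_b64)
  [OpenSSL::Digest::SHA256.digest(canon_without_signature(elem))].pack('m0') == digest_b64
end

def signature_valid?(uri, digest_b64, sig_b64)
  IDP_KEY.public_key.verify(OpenSSL::Digest.new('SHA256'), sig_b64.unpack1('m0'),
                            signed_info_bytes(uri, digest_b64))
end

# SP side, the vulnerable shape: every lookup is an unanchored search over the
# whole document, so nothing ties the validated element to the consumed one.
def vulnerable_consume(response_xml)
  doc = REXML::Document.new(response_xml)
  ref = REXML::XPath.first(doc, "//*[local-name()='Reference']")
  sig_value = REXML::XPath.first(doc, "//*[local-name()='SignatureValue']")
  return nil unless ref && sig_value
  uri = ref.attributes['URI']
  digest_b64 = REXML::XPath.first(ref, "*[local-name()='DigestValue']").text
  target = REXML::XPath.first(doc, "//*[@ID='#{uri.delete_prefix('#')}']")
  return nil unless target && digest_matches?(target, digest_b64) &&
                    signature_valid?(uri, digest_b64, sig_value.text)
  # Consumes the first Assertion in document order, which need not be `target`.
  REXML::XPath.first(doc, "//*[local-name()='Assertion']/*[local-name()='Subject']/*[local-name()='NameID']").text
end

# SP side, hardened: exactly one Assertion directly under Response, its Signature
# must be its own child, and that Signature must reference the Assertion itself.
# (A real SP also checks Issuer, Audience, NotBefore/NotOnOrAfter and InResponseTo.)
def hardened_consume(response_xml)
  doc = REXML::Document.new(response_xml)
  assertions = REXML::XPath.match(doc.root, "*[local-name()='Assertion']")
  return nil unless assertions.size == 1
  a = assertions.first
  return nil unless a.namespace == SAML
  sig = a.elements.to_a.find { |e| e.name == 'Signature' && e.namespace == DS }
  return nil unless sig
  ref = REXML::XPath.first(sig, "*[local-name()='SignedInfo']/*[local-name()='Reference']")
  sig_value = REXML::XPath.first(sig, "*[local-name()='SignatureValue']")
  return nil unless ref && sig_value
  uri = ref.attributes['URI']
  return nil unless uri == "##{a.attributes['ID']}" # validated element == consumed element
  digest_b64 = REXML::XPath.first(ref, "*[local-name()='DigestValue']").text
  return nil unless digest_matches?(a, digest_b64) && signature_valid?(uri, digest_b64, sig_value.text)
  REXML::XPath.first(a, "*[local-name()='Subject']/*[local-name()='NameID']").text
end

# Constructed sample: a response the IdP legitimately issued for user "alice".
def build_signed_response
  assertion = %(<saml:Assertion xmlns:saml="#{SAML}" ID="_a1" IssueInstant="2024-10-11T00:00:00Z">) +
              %(<saml:Issuer>https://idp.example</saml:Issuer>) +
              %(<saml:Subject><saml:NameID>alice</saml:NameID></saml:Subject></saml:Assertion>)
  %(<samlp:Response xmlns:samlp="#{SAMLP}" ID="_r1">#{sign_assertion(assertion)}</samlp:Response>)
end

# Attacker: keep the genuine signed assertion intact (its digest and signature
# still verify) but tuck it inside a forged, unsigned assertion for "admin".
def forge_response(signed_response_xml)
  genuine = REXML::XPath.first(REXML::Document.new(signed_response_xml), "//*[local-name()='Assertion']").to_s
  %(<samlp:Response xmlns:samlp="#{SAMLP}" ID="_r2"><saml:Assertion xmlns:saml="#{SAML}" ID="_forged" IssueInstant="2024-10-11T00:00:00Z">) +
  %(<saml:Issuer>https://idp.example</saml:Issuer><saml:Subject><saml:NameID>admin</saml:NameID></saml:Subject>) +
  %(<saml:Advice>#{genuine}</saml:Advice></saml:Assertion></samlp:Response>)
end

if __FILE__ == $PROGRAM_NAME
  genuine = build_signed_response
  forged = forge_response(genuine)
  puts "vulnerable: genuine=#{vulnerable_consume(genuine)} forged=#{vulnerable_consume(forged)}"
  puts "hardened:   genuine=#{hardened_consume(genuine)} forged=#{hardened_consume(forged).inspect}"
end
```

Run with `ruby saml_wrap.rb`: the vulnerable verifier accepts the genuine response as alice and the forged one as admin, because the only Reference, DigestValue and SignatureValue it finds are the untouched ones inside the wrapped assertion and they still verify; the hardened verifier accepts alice and rejects the forgery because the outer assertion has no Signature of its own. The general rule the hardened version encodes is that the subject you trust must be read from the exact element whose digest and signature you just checked, never from a fresh document-wide search.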