CVE-2020-5407: Signature Wrapping Vulnerability with spring-security-saml2-service-provider
Spring by VMware
Spring Security versions 5.2.x prior to 5.2.4 and 5.3.x prior to 5.3.2 contain a signature wrapping vulnerability during SAML response validation. When using the spring-security-saml2-service-provider component, a malicious user can carefully modify an otherwise valid SAML response and append an arbitrary assertion that Spring Security will accept as valid.
Affected VMware Products and Versions
Severity is medium unless otherwise noted.
- 5.2.x prior to 5.2.4
- 5.3.x prior to 5.3.2
Users of affected versions should apply the following mitigation or upgrade. Releases that have fixed this issue include:
This issue was identified and responsibly reported by Sam Tinklenberg.
2020-05-07: Initial vulnerability report published.