VYPR
High severity · NVD Advisory · Published Mar 5, 2018 · Updated Aug 5, 2024

CVE-2018-7644

Description

A key confusion vulnerability in XmlSecLibs used by SimpleSAMLphp before 1.15.3 allows attackers to forge SAML assertions using a public key as HMAC secret.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Vulnerability

The XmlSecLibs library (as used in the saml2 library within SimpleSAMLphp before version 1.15.3 [1][2]) improperly validates XML signatures on SAML assertions. An attacker can instantiate an XMLSecurityKey object with a specific algorithm (e.g., HMAC-SHA1) and then load key material that does not correspond to that algorithm — for instance, a public key from a known Identity Provider [1]. Because the API does not check that the key type matches the algorithm, the signature verification is performed using the attacker-chosen algorithm and the supplied material, circumventing cryptographic guarantees.
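The missing key-type check described above, as an added example (not code from XmlSecLibs, SimpleSAMLphp or this advisory): a toy Python verifier showing the flawed pattern beside one that pins the allowed algorithms to the configured key's type. The key encoding, function names and the tiny textbook-RSA key are constructed for illustration.

```python
import hashlib
import hmac

# Constructed toy RSA key (two Mersenne primes); far too small for real use.
P, Q, E = 2**127 - 1, 2**89 - 1, 65537
N, D = P * Q, pow(E, -1, (P - 1) * (Q - 1))  # D is private, held by the IdP only
IDP_PUBLIC_KEY = f"rsa-public:{N:x}:{E:x}".encode()  # hypothetical key encoding
# Which signature algorithms each configured key type may be used with.
ALLOWED = {"rsa-public": {"rsa-sha256"}, "hmac-secret": {"hmac-sha1"}}

def _digest_int(message, n):
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n

def idp_sign(message):
    """Legitimate IdP signature (textbook RSA without padding, demo only)."""
    return pow(_digest_int(message, N), D, N).to_bytes(32, "big")

def _verify(alg, key, message, sig):
    if alg == "rsa-sha256":
        _, n_hex, e_hex = key.decode().split(":")
        n, e = int(n_hex, 16), int(e_hex, 16)
        return pow(int.from_bytes(sig, "big"), e, n) == _digest_int(message, n)
    if alg == "hmac-sha1":
        # Any byte string is accepted as an HMAC secret, including a public key.
        mac = hmac.new(key, message, hashlib.sha1).digest()
        return hmac.compare_digest(mac, sig)
    return False

def verify_confused(declared_alg, key, message, sig):
    """Flawed pattern: the message picks the algorithm, the key is just bytes."""
    return _verify(declared_alg, key, message, sig)

def verify_pinned(declared_alg, key, message, sig):
    """Hardened pattern: the configured key's type limits the algorithms."""
    key_type = key.split(b":", 1)[0].decode()
    if declared_alg not in ALLOWED.get(key_type, set()):
        return False
    return _verify(declared_alg, key, message, sig)

def demo():
    msg = b"<Assertion>user=alice</Assertion>"  # constructed sample message
    rsa_sig = idp_sign(msg)
    # The case from the advisory: a MAC keyed with the public key's bytes.
    mac = hmac.new(IDP_PUBLIC_KEY, msg, hashlib.sha1).digest()
    return (verify_pinned("rsa-sha256", IDP_PUBLIC_KEY, msg, rsa_sig),
            verify_confused("hmac-sha1", IDP_PUBLIC_KEY, msg, mac),
            verify_pinned("hmac-sha1", IDP_PUBLIC_KEY, msg, mac))
```

`demo()` returns the results for a genuine RSA signature under the pinned verifier, then the HMAC-keyed-with-public-key input under the flawed and the pinned verifier.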

Exploitation

A remote attacker who knows the public key of a legitimate Identity Provider (IdP) can craft a SAML assertion signed using the HMAC-SHA1 algorithm, using that public key as the shared secret [1]. The attacker then delivers the forged assertion via an HTTP-Redirect binding to a SimpleSAMLphp service provider (SP) [1]. No prior authentication or write access to the target is required; the attacker only needs network access to the SP and knowledge of the IdP's public key (which is inherently public).

Impact

Successful exploitation allows the attacker to impersonate any user from the targeted IdP [2]. The forged SAML assertion passes signature verification, leading to unauthorized authentication and potential escalation of privileges within the relying SimpleSAMLphp application. This constitutes a complete compromise of identity assertion integrity and authentication enforcement.

Mitigation

SimpleSAMLphp versions 1.15.3 and later include the fix [1]. Users must upgrade to version 1.15.3 or newer as soon as possible. No workaround is available for earlier versions. This CVE is not listed in CISA's Known Exploited Vulnerabilities (KEV) catalog.

AI Insight generated on May 22, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected packages

Versions sourced from the GitHub Security Advisory.

| Package | Affected versions | Patched versions |
| --- | --- | --- |
| simplesamlphp/saml2 (Packagist) | < 1.10.5 | 1.10.5 |
| simplesamlphp/saml2 (Packagist) | >= 2.0, < 2.3.7 | 2.3.7 |
| simplesamlphp/saml2 (Packagist) | >= 3.0, < 3.1.3 | 3.1.3 |
