Source URL: https://github.blog/security/sign-in-as-anyone-bypassing-saml-sso-authentication-with-parser-differentials/
Source: Hacker News
Title: Sign in as anyone: Bypassing SAML SSO authentication with parser differentials
AI Summary and Description: Yes
Summary: The text discusses critical authentication bypass vulnerabilities (CVE-2025-25291 and CVE-2025-25292) identified in the ruby-saml library that jeopardize SAML-based single sign-on (SSO) implementations. This has significant security implications for applications relying on this library, and it emphasizes the need for timely updates and for scrutiny whenever two different XML parsers are used on the same input.
Detailed Description:
The vulnerabilities identified in the ruby-saml library allow attackers who possess a valid signature to construct their own SAML assertions, enabling account takeover. The following points summarize the key issues and implications from the text:
– **Vulnerabilities**: Critical authentication bypass vulnerabilities (CVE-2025-25291 and CVE-2025-25292) that stem from issues related to the use of two different XML parsers (REXML and Nokogiri) during signature verification processes in ruby-saml.
– **Implications**: These vulnerabilities pose a grave risk for applications that employ the ruby-saml library for SSO via SAML, potentially allowing unauthorized access to user accounts.
– **GitHub’s Actions**: Although GitHub does not currently use ruby-saml for authentication, it undertook an evaluation of the library due to previous bug bounty reports and found exploitable instances in GitLab, prompting proactive outreach to their security team.
– **Attack Vector**: Exploitation is possible because REXML and Nokogiri can interpret the same XML input differently, so the signature is checked against one parser's view of the document while the application acts on the other's. This class of inconsistency is termed a “parser differential”.
– **Research Collaboration**: The discovery involved collaboration among bug bounty researchers who independently noted the same critical issue with the library’s handling of signatures and the parsing of XML.
– **Mitigation Strategy**: Recommendations include updating to the latest version (1.18.0) of the ruby-saml library to patch the vulnerabilities. Furthermore, there is a suggestion for users to scrutinize logs for suspicious logins unrelated to a user’s expected location.
– **Security Recommendations**: Users of the library are urged to update their dependencies promptly, as outdated versions expose organizations to significant security risk.
Overall, the text provides a detailed analysis of the vulnerabilities and underlines the importance of robust security practices when implementing and maintaining libraries that handle sensitive authentication mechanisms, as well as the need for awareness and prompt action by development and security teams.