CVE-2024-45409 (CVSS 10): Critical Ruby-SAML Flaw Leaves User Accounts Exposed
A critical security vulnerability, CVE-2024-45409, has been identified in the Ruby-SAML library, a widely used library for implementing the client (service-provider) side of SAML (Security Assertion Markup Language) authorization. The flaw, rated CVSS 10, exposes systems running vulnerable versions of Ruby-SAML to an authentication bypass that lets attackers gain unauthorized access to user accounts.
The vulnerability affects Ruby-SAML versions 1.12.2 and earlier, and versions 1.13.0 through 1.16.0. The core issue is an incorrect XPath selector that prevents proper verification of the SAML Response signature. SAML is a central protocol for Single Sign-On (SSO) systems, allowing users to authenticate via an identity provider (IdP), and the service provider's only guarantee that a response really came from the IdP is the XML signature on it. Because of the faulty selector, the Ruby-SAML library fails to ensure the signature integrity of the SAML response, so a response can be accepted without its signature having been validated against the content the library goes on to trust.
An unauthenticated attacker who holds any valid signed SAML document issued by a legitimate identity provider can exploit this flaw. By forging a SAML Response or SAML Assertion with arbitrary data, the attacker can trick the vulnerable system into logging them in as any user. This bypasses the entire authentication mechanism and can grant unauthorized access to sensitive data and critical systems.
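The failure class described above is that the element whose signature gets checked and the element whose contents get trusted are not the same. The following Ruby is an added example written for this article, not code from ruby-saml or from the reporter, showing the scope check a SAML consumer should make before trusting an enveloped XML signature: it locates only signatures that sit directly under the Response or its single Assertion and requires each Signature's Reference to point at the ID of the element that carries it. The helper names (`check_signed_scope`, `response_xml`, `signature_xml`) and the sample documents are constructed for illustration; DigestValue and SignatureValue are placeholders, and cryptographic verification of them is assumed to be performed separately by an XML-DSig library after this check passes.

```ruby
# Added example (not ruby-saml's own code): a scope check that a SAML consumer
# should apply before trusting an enveloped XML signature. It answers "does the
# Signature we found actually cover the element we are about to act on?", the
# question an incorrect XPath selector can get wrong. Cryptographic
# verification of DigestValue/SignatureValue is assumed to be done by an
# XML-DSig library after this check passes.
require 'rexml/document'
require 'rexml/xpath'

NS = {
  'samlp' => 'urn:oasis:names:tc:SAML:2.0:protocol',
  'saml'  => 'urn:oasis:names:tc:SAML:2.0:assertion',
  'ds'    => 'http://www.w3.org/2000/09/xmldsig#'
}.freeze

# Returns [:ok, [names of the elements whose signatures cover themselves]]
# or [:reject, reason].
def check_signed_scope(xml)
  doc = REXML::Document.new(xml)
  assertions = REXML::XPath.match(doc, '/samlp:Response/saml:Assertion', NS)
  return [:reject, 'expected exactly one Assertion under Response'] unless assertions.size == 1

  # Only a Signature that is a direct child of the Response or of that single
  # Assertion is considered; a Signature nested anywhere else is ignored rather
  # than picked up by a loose descendant search.
  sigs = REXML::XPath.match(doc, '/samlp:Response/ds:Signature', NS) +
         REXML::XPath.match(doc, '/samlp:Response/saml:Assertion/ds:Signature', NS)
  return [:reject, 'no Signature directly under Response or Assertion'] if sigs.empty?

  signed = []
  sigs.each do |sig|
    owner = sig.parent
    refs = REXML::XPath.match(sig, 'ds:SignedInfo/ds:Reference', NS)
    return [:reject, "#{owner.name}: expected exactly one Reference"] unless refs.size == 1

    # Require a same-document ID reference to the element carrying the
    # signature. An empty URI (whole document) or a reference to any other
    # element is rejected, so the signed bytes and the trusted bytes coincide.
    owner_id = owner.attributes['ID']
    uri = refs.first.attributes['URI'].to_s
    unless owner_id && uri == "##{owner_id}"
      return [:reject, "#{owner.name}: Reference URI #{uri.inspect} does not cover it"]
    end
    signed << owner.name
  end
  [:ok, signed]
end

# Constructed sample documents, not real IdP output. DigestValue and
# SignatureValue are placeholders because only the signature's scope is
# examined here.
def signature_xml(ref_uri)
  <<~XML
    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
      <ds:SignedInfo><ds:Reference URI="#{ref_uri}"><ds:DigestValue>PLACEHOLDER</ds:DigestValue></ds:Reference></ds:SignedInfo>
      <ds:SignatureValue>PLACEHOLDER</ds:SignatureValue>
    </ds:Signature>
  XML
end

# signature_ref: URI for the Signature placed inside the first Assertion,
# or nil for an unsigned document.
def response_xml(assertion_ids:, signature_ref:)
  assertions = assertion_ids.each_with_index.map do |id, i|
    sig = (i.zero? && signature_ref) ? signature_xml(signature_ref) : ''
    "<saml:Assertion ID=\"#{id}\">#{sig}<saml:Subject><saml:NameID>alice@example.test</saml:NameID></saml:Subject></saml:Assertion>"
  end.join("\n")
  <<~XML
    <samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
                    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_resp1">
    #{assertions}
    </samlp:Response>
  XML
end

if __FILE__ == $PROGRAM_NAME
  {
    'signature covers its assertion' => response_xml(assertion_ids: ['_a1'], signature_ref: '#_a1'),
    'reference points elsewhere'     => response_xml(assertion_ids: ['_a1'], signature_ref: '#_resp1'),
    'two assertions'                 => response_xml(assertion_ids: %w[_a1 _a2], signature_ref: '#_a1'),
    'unsigned'                       => response_xml(assertion_ids: ['_a1'], signature_ref: nil)
  }.each { |label, xml| puts "#{label}: #{check_signed_scope(xml).inspect}" }
end
```

The design choice is deliberate strictness: absolute paths instead of `//` searches, exactly one Assertion, exactly one Reference per Signature, and a Reference that must name the ID of its own parent. Each of those rules removes a way for the element that was signed and the element that gets trusted to diverge, which is the property the vulnerable selector in Ruby-SAML failed to enforce.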
The ramifications of CVE-2024-45409 are far-reaching. Many organizations rely on SAML-based authentication to secure access to their internal and external applications, so this vulnerability could put sensitive user data and corporate assets at risk wherever a vulnerable Ruby-SAML version acts as the service provider.
The vulnerability was reported by ahacker1 of SecureSAML.
Users of Ruby-SAML are strongly urged to update to the latest secure version of the library immediately.