Does the SAML 2.0 component protect against XML signature wrapping attacks?
I could not find any documentation on it.
Thanks
-Mark
Hi Mark
We don’t believe we are vulnerable to XML signature wrapping (XSW) attacks.
One of the authors of the original On Breaking SAML paper contacted us in 2012 and shortly afterwards we provided an update which prevents this type of attack.
<o:p></o:p>
[quote]
[/quote]
Thanks for the quick reply.
Do you have any documentation to that affect and possibly speaking to other security related points of your component?
The following document is a statement in response to XSW.
XML Signature Wrapping Attacks
It doesn’t go into details but rather identifies the versions of our SAML components that were vulnerable to these attacks.
These updates date back to 2012.
There have been no other security vulnerabilities.
[quote][/quote]
The following document is a statement in response to XSW.
XML Signature Wrapping Attacks
It doesn't go into details but rather identifies the versions of our SAML components that were vulnerable to these attacks.
These updates date back to 2012.
There have been no other security vulnerabilities.
XML Signature Wrapping Attacks
It doesn't go into details but rather identifies the versions of our SAML components that were vulnerable to these attacks.
These updates date back to 2012.
There have been no other security vulnerabilities.
Hi, this pdf gives a 404. Do you have a valid link?
My apologies. The link should now work.