[midPoint] Security Advisory: CSRF protection was not working if user logged using SAML2 or OIDC
Tony Tkacik
tony.tkacik at evolveum.com
Thu Sep 21 17:04:40 CEST 2023
Date: 20. 9. 2023
Severity: High
Affected versions: All midPoint versions prior to 4.4.6, 4.7.2
Fixed in versions: 4.8 (unreleased), 4.7.2, 4.4.6, 4.6.2 (unreleased)
Description
A CSRF vulnerability exists if midPoint is configured to use remote authentication via SAML 2 or OIDC and the user was authenticated through one of these providers. Users authenticated through the built-in login form are not affected.
Severity and Impact
This is a high-severity issue.
Normal built-in midPoint login is not affected, but it is possible to construct a CSRF attack against a logged-in user if remote authentication via SAML 2 or OIDC was used to log in.
Mitigation
Users of affected midPoint versions are advised to upgrade their deployments to the latest maintenance release.
Users of midPoint 4.6 should use a build from the support branch.
Discussion and Explanation
During the remote authentication sequence, the token-based CSRF protection provided by the Spring Framework has to be disabled for the session; the defect was that it was not automatically re-enabled once authentication had completed. The fixed code contains improved conditions, and token-based CSRF protection is enforced once remote authentication is completed.
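The following is an added illustration of the pattern the advisory describes, written for this page and not taken from midPoint's code base. It shows a Spring Security RequestMatcher that exempts a request from CSRF token checks only while the session is still in the remote-authentication phase, and that re-enables enforcement as soon as the session holds an authenticated principal. The session attribute name remoteAuthInProgress, the class name, and the use of Spring Security 6 (jakarta.servlet) imports are assumptions; the vulnerable variant is described in the comments for contrast.

```java
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpSession;
import org.springframework.security.authentication.AnonymousAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.web.csrf.CsrfFilter;
import org.springframework.security.web.csrf.HttpSessionCsrfTokenRepository;
import org.springframework.security.web.util.matcher.RequestMatcher;

import java.util.Set;

/**
 * Hypothetical matcher (not midPoint's own code) deciding whether a request
 * must carry a valid CSRF token. Returning true means "enforce the token".
 */
public class RemoteAuthAwareCsrfMatcher implements RequestMatcher {

    // Assumed session attribute set when a SAML 2 / OIDC round trip starts.
    static final String REMOTE_AUTH_IN_PROGRESS = "remoteAuthInProgress";

    // Spring's CsrfFilter never enforces tokens on these methods; keep the same rule.
    private static final Set<String> SAFE_METHODS = Set.of("GET", "HEAD", "TRACE", "OPTIONS");

    @Override
    public boolean matches(HttpServletRequest request) {
        if (SAFE_METHODS.contains(request.getMethod())) {
            return false;
        }

        HttpSession session = request.getSession(false);
        boolean inProgress = session != null
                && Boolean.TRUE.equals(session.getAttribute(REMOTE_AUTH_IN_PROGRESS));

        Authentication auth = SecurityContextHolder.getContext().getAuthentication();
        boolean authenticated = auth != null
                && auth.isAuthenticated()
                && !(auth instanceof AnonymousAuthenticationToken);

        // Vulnerable shape of this decision: "return !inProgress;" with nothing ever
        // clearing the flag, so every state-changing request of the logged-in user
        // stays exempt for the life of the session.
        //
        // Fixed shape: an authenticated session is always subject to token checks,
        // and the stale flag is cleared so it cannot influence later decisions.
        if (authenticated) {
            if (session != null) {
                session.removeAttribute(REMOTE_AUTH_IN_PROGRESS);
            }
            return true;
        }

        // Not yet authenticated: exempt only the in-flight remote authentication
        // (e.g. the provider's response POST), enforce everything else.
        return !inProgress;
    }

    /** Wires the matcher into a CsrfFilter backed by the HTTP session token repository. */
    static CsrfFilter csrfFilter() {
        CsrfFilter filter = new CsrfFilter(new HttpSessionCsrfTokenRepository());
        filter.setRequireCsrfProtectionMatcher(new RemoteAuthAwareCsrfMatcher());
        return filter;
    }
}
```

The same matcher can be registered through the HttpSecurity DSL with csrf(csrf -> csrf.requireCsrfProtectionMatcher(new RemoteAuthAwareCsrfMatcher())) instead of constructing the filter directly. The design point is that the exemption is keyed to the authentication state of the session rather than to a flag that is set once and then trusted forever; after upgrading, a deployment can confirm the fix by submitting a state-changing request from a SAML 2 or OIDC session without the token and verifying that it is rejected.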
This advisory is also available at https://docs.evolveum.com/midpoint/reference/security/advisories/020-csrf-not-working-when-using-saml2/
--
Anton Tkáčik
Software Developer
evolveum.com