{
  "id": "security/saml-xml-signature-wrapping",
  "signature": "SAML XML signature wrapping attack bypasses signature validation",
  "signature_zh": "SAML XML签名包装攻击绕过签名验证",
  "regex": "SAML.*signature wrapping|XML signature bypass|SAML assertion injection",
  "domain": "security",
  "category": "protocol_error",
  "subcategory": null,
  "root_cause": "The SAML response contains multiple assertions, but the XML signature only covers a benign assertion; the attacker inserts a malicious assertion that is not signed but is processed by the application due to lax XML parsing logic.",
  "root_cause_type": "generic",
  "root_cause_zh": "SAML响应包含多个断言，但XML签名仅覆盖一个良性的断言；攻击者插入一个未签名的恶意断言，由于宽松的XML解析逻辑而被应用程序处理。",
  "versions": [
    {
      "version": "SAML 2.0",
      "introduced": null,
      "deprecated": null,
      "removed": null,
      "behavior_change": null,
      "status": "active"
    },
    {
      "version": "Shibboleth IdP 4.3.0",
      "introduced": null,
      "deprecated": null,
      "removed": null,
      "behavior_change": null,
      "status": "active"
    },
    {
      "version": "Okta 2024.01.0",
      "introduced": null,
      "deprecated": null,
      "removed": null,
      "behavior_change": null,
      "status": "active"
    },
    {
      "version": "OpenSAML 4.3.0",
      "introduced": null,
      "deprecated": null,
      "removed": null,
      "behavior_change": null,
      "status": "active"
    }
  ],
  "os_specific": {},
  "dead_ends": [
    {
      "action": "Only validating the signature on the first assertion in the response",
      "why_fails": "Attackers can reorder assertions or place the signed assertion anywhere; the application may process a later unsigned assertion.",
      "fail_rate": 0.9,
      "condition": "",
      "sources": []
    },
    {
      "action": "Using a DOM parser without disabling external entity processing",
      "why_fails": "This doesn't address signature wrapping; the parser still sees all assertions, and signature validation is not enforced on each.",
      "fail_rate": 0.95,
      "condition": "",
      "sources": []
    }
  ],
  "workarounds": [
    {
      "action": "Enforce that only the first (or a single) assertion in the SAML response is processed, and that it must be the one covered by the signature. Example in Java using OpenSAML: if (response.getAssertions().size() != 1) throw new SecurityException(\"Multiple assertions not allowed\");",
      "success_rate": 0.9,
      "how": "Enforce that only the first (or a single) assertion in the SAML response is processed, and that it must be the one covered by the signature. Example in Java using OpenSAML: if (response.getAssertions().size() != 1) throw new SecurityException(\"Multiple assertions not allowed\");",
      "condition": "",
      "sources": []
    },
    {
      "action": "Use a strict XML schema validation that rejects any unexpected elements or structure changes in the SAML response.",
      "success_rate": 0.8,
      "how": "Use a strict XML schema validation that rejects any unexpected elements or structure changes in the SAML response.",
      "condition": "",
      "sources": []
    }
  ],
  "workarounds_zh": [
    "强制只处理SAML响应中的第一个（或单个）断言，并且它必须是签名覆盖的那个。Java中使用OpenSAML的示例：if (response.getAssertions().size() != 1) throw new SecurityException(\"不允许有多个断言\");",
    "使用严格的XML模式验证，拒绝SAML响应中任何意外的元素或结构变化。"
  ],
  "transition_graph": {
    "leads_to": [],
    "preceded_by": [],
    "frequently_confused_with": []
  },
  "official_doc_url": "https://wiki.shibboleth.net/confluence/display/OSAML/XML+Signature+Wrapping+Attack",
  "official_doc_section": null,
  "error_code": null,
  "verification_tier": "ai_generated",
  "confidence": 0.87,
  "fix_success_rate": 0.85,
  "resolvable": "true",
  "first_seen": "2023-11-05",
  "last_confirmed": "2024-06-01",
  "last_updated": "2024-06-01",
  "evidence_count": 1,
  "tags": [],
  "locale": "en",
  "aliases": []
}