
Sign in as anyone: Bypassing SAML SSO authentication with parser differentials


Critical authentication bypass vulnerabilities were discovered in ruby-saml up to version 1.17.0. See how they were uncovered.

In this blog post, we detail newly discovered authentication bypass vulnerabilities in the ruby-saml library used for single sign-on (SSO) via SAML on the service provider (application) side. The bypasses stem from parser differentials: ruby-saml processes the same SAML document with two different XML parsers, REXML and Nokogiri, and the two can disagree about the document's structure. REXML is an XML parser implemented in pure Ruby, while Nokogiri provides an easy-to-use wrapper API around native libraries such as libxml2 and libgumbo (and Xerces when running on JRuby). If your company relies on open source software for business-critical functionality, consider sponsoring it to help fund future development and bug-fix releases.
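To make the idea of a parser differential concrete, the following Ruby example is added here; it is not code from the GitHub post or from ruby-saml, and it does not reproduce the specific REXML/Nokogiri difference the post describes (this page gives no details of it). It uses REXML, which ships with Ruby, as one view of a constructed SAML-like response and a naive string scan as a second view, and shows how the two can extract different principals from the same bytes. The sample response, the `asserted_principal` check and every element name below are illustrative assumptions.

```ruby
require 'rexml/document'
require 'rexml/xpath'

SAML_NS = 'urn:oasis:names:tc:SAML:2.0:assertion'

# Constructed sample (not a real IdP response): the one real Assertion names
# "alice". A look-alike Assertion for "admin" sits inside an XML comment, where
# a conforming XML parser never sees it as an element.
DECOY_RESPONSE = <<~XML
  <samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
                  xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
    <!-- <saml:Assertion ID="_decoy"><saml:Subject><saml:NameID>admin</saml:NameID></saml:Subject></saml:Assertion> -->
    <saml:Assertion ID="_real">
      <saml:Subject><saml:NameID>alice</saml:NameID></saml:Subject>
    </saml:Assertion>
  </samlp:Response>
XML

# The same document with the decoy comment line removed, for comparison.
CLEAN_RESPONSE = DECOY_RESPONSE.lines.reject { |l| l.include?('<!--') }.join

# View 1: a real XML parser (REXML). Comments are not elements, so the first
# saml:Assertion it finds is the real, signed one.
def name_id_via_rexml(xml)
  doc = REXML::Document.new(xml)
  assertion = REXML::XPath.first(doc, '//saml:Assertion', 'saml' => SAML_NS)
  return nil if assertion.nil?
  name_id = REXML::XPath.first(assertion, './/saml:NameID', 'saml' => SAML_NS)
  name_id && name_id.text
end

# View 2: a naive string scan, the kind of "parser" ad-hoc code falls back to.
# It has no notion of comments, so the first "<saml:Assertion" it sees is the
# decoy, and the identity it extracts is attacker-chosen.
def name_id_via_scan(xml)
  m = xml.match(%r{<saml:Assertion\b[^>]*>.*?<saml:NameID>([^<]*)</saml:NameID>}m)
  m && m[1]
end

# Illustrative defensive check (not a ruby-saml API): when two views of the
# document disagree about who is being asserted, the response is suspect and
# the login is refused. The durable fix is to derive every security decision
# (signature reference, digest, subject) from a single parse tree, so that
# there is no second view left to disagree with.
def asserted_principal(xml)
  parsed = name_id_via_rexml(xml)
  scanned = name_id_via_scan(xml)
  return nil unless parsed && parsed == scanned
  parsed
end

if __FILE__ == $PROGRAM_NAME
  puts "REXML sees:  #{name_id_via_rexml(DECOY_RESPONSE).inspect}"
  puts "scan sees:   #{name_id_via_scan(DECOY_RESPONSE).inspect}"
  puts "decoy login: #{asserted_principal(DECOY_RESPONSE).inspect}"
  puts "clean login: #{asserted_principal(CLEAN_RESPONSE).inspect}"
end
```

Run with `ruby parser_differential.rb`: the two views return "alice" and "admin" for the decoy document, so `asserted_principal` refuses it, while the clean document yields "alice" from both views. The attack shape the post's title refers to is the same in spirit: the signature is checked against the element one parser sees, while the identity is read from the element the other parser sees.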
