Privacy Ninja

Critical Golang XML Parser Bugs Can Cause SAML Authentication Bypass


This week, Mattermost, in coordination with the Go security team, disclosed three critical vulnerabilities in the Go language's XML parser, encoding/xml.

The vulnerabilities also affect multiple Go-based SAML implementations. If exploited, they can lead to a complete bypass of SAML authentication, which is the single sign-on mechanism behind many prominent web applications today.

The XML parser does not guarantee round-trip integrity

The three round-trip vulnerabilities lie in Go's XML parser, encoding/xml, which does not return reliable results when XML input is decoded and then re-encoded.

This means that XML markup which is decoded and encoded again with the parser may come back changed, producing inconsistent and unexpected results.


“As evident from the titles, the vulnerabilities are closely related. The core issue is the same in all three: maliciously crafted XML markup mutates during round-trips through Go’s decoder and encoder implementations,” said Juho Nurminen, Product Security Engineer at Mattermost.

In other words, Nurminen explained, an application that relies on this parser cannot assume that a decode followed by an encode preserves the semantics of the original markup.

“If your application processes XML and, while processing it, parses markup that’s the output of at least one preceding round of parsing and serialization, you can no longer assume the output of that parsing matches the output from the preceding round. In other words, passing XML through Go’s decoder and encoder doesn’t preserve its semantics,” explained Nurminen.

One of the partial fixes made for the vulnerabilities illustrates the kind of inconsistency these flaws introduce during XML parsing.

For example, `<:name>` would have its leading colon stripped, and an element with an attribute whose value is empty (“”) would be serialised without that attribute at all.

Complete SAML authentication bypass possible

While at first glance this may look like a trivial bug, Mattermost stresses that many applications depend on the semantic integrity of the XML they process, so these vulnerabilities can have serious consequences.

For example, various SAML implementations that rely on this XML parser can be tricked into bypassing SAML authentication altogether.

Security Assertion Markup Language (SAML) is an XML-based standard for exchanging authentication and authorisation data, used by many prominent websites and services to provide single sign-on.

“Because of these vulnerabilities, Go-based SAML implementations are in many cases open to tampering by an attacker: by injecting malicious markup to a correctly signed SAML message, it’s possible to make it still appear correctly signed, but change its semantics to convey a different identity than the original document,” warned Mattermost.

Where a mission-critical application uses the vulnerable parser in its SAML SSO flow, the impact can range from privilege escalation to a full authentication bypass, depending on how the application parses and re-serialises the signed message.


No patch available for the parser itself

It is worth noting that the Go security team has advised that, at this time, no patch adequately fixes these vulnerabilities in the parser itself.

The fix commit described above also states that round-trip stability is not a supported security property of encoding/xml, so the partial fix alone is not enough to guarantee that XML parsing is reliable.

However, fixed versions have been released for some of the individual Go-based SAML projects, such as:

Additionally, Mattermost has released a tool, xml-roundtrip-validator, which can be used as a workaround by adding round-trip validation to your application's XML processing before any parsed content is trusted.
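The round-trip check that the article and the workaround describe, as an added example: this is not code from the original article and not Mattermost's xml-roundtrip-validator, but a simplified reimplementation of the idea using only encoding/xml. It decodes a document into tokens, re-encodes them with the standard encoder, decodes the result again, and reports the first token that changed. The two SAML-shaped documents are constructed for this example and are not real SAML messages. Two assumptions to be aware of: on a Go release that already contains the partial fix, the `<:name>` mutation quoted above no longer reproduces, so the example demonstrates the check rather than an exploit; and because Go's standard encoder rewrites namespace prefixes (`saml:Assertion` comes back as `Assertion` with an `xmlns` declaration), this strict comparison flags every prefixed document. That rewrite is also a byte-level change that XML signature canonicalisation would not absorb, so flagging it is defensible, but a production deployment should use Mattermost's tool rather than this sketch.

```go
package main

import (
	"bytes"
	"encoding/xml"
	"fmt"
	"io"
)

// Two constructed, SAML-shaped documents for this example (not real SAML).
// The first uses no namespace prefixes; the second uses the saml: prefix
// the way real assertions do.
const PlainAssertion = `<Response ID="r1"><Assertion ID="a1"><Subject><NameID>alice</NameID></Subject></Assertion></Response>`

const PrefixedAssertion = `<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="a1"><saml:Subject><saml:NameID>alice</saml:NameID></saml:Subject></saml:Assertion>`

// tokenize decodes a document into its token stream. Each token is copied
// because the decoder reuses its internal buffer for CharData.
func tokenize(r io.Reader) ([]xml.Token, error) {
	dec := xml.NewDecoder(r)
	var toks []xml.Token
	for {
		tok, err := dec.Token()
		if err == io.EOF {
			return toks, nil
		}
		if err != nil {
			return nil, err
		}
		toks = append(toks, xml.CopyToken(tok))
	}
}

// serialize writes the token stream back out with the standard encoder.
func serialize(toks []xml.Token) ([]byte, error) {
	var buf bytes.Buffer
	enc := xml.NewEncoder(&buf)
	for _, tok := range toks {
		if err := enc.EncodeToken(tok); err != nil {
			return nil, err
		}
	}
	if err := enc.Flush(); err != nil {
		return nil, err
	}
	return buf.Bytes(), nil
}

// sameAttrs compares attribute lists in order; nil and empty count as equal.
func sameAttrs(a, b []xml.Attr) bool {
	if len(a) != len(b) {
		return false
	}
	for i := range a {
		if a[i] != b[i] {
			return false
		}
	}
	return true
}

// sameToken compares two tokens strictly: element names (namespace + local
// part), every attribute including xmlns declarations, and text byte for byte.
func sameToken(a, b xml.Token) bool {
	switch x := a.(type) {
	case xml.StartElement:
		y, ok := b.(xml.StartElement)
		return ok && x.Name == y.Name && sameAttrs(x.Attr, y.Attr)
	case xml.EndElement:
		y, ok := b.(xml.EndElement)
		return ok && x.Name == y.Name
	case xml.CharData:
		y, ok := b.(xml.CharData)
		return ok && bytes.Equal(x, y)
	case xml.Comment:
		y, ok := b.(xml.Comment)
		return ok && bytes.Equal(x, y)
	case xml.ProcInst:
		y, ok := b.(xml.ProcInst)
		return ok && x.Target == y.Target && bytes.Equal(x.Inst, y.Inst)
	case xml.Directive:
		y, ok := b.(xml.Directive)
		return ok && bytes.Equal(x, y)
	}
	return false
}

// ValidateRoundTrip returns nil if decode -> encode -> decode yields the same
// token stream, or an error naming the first token that mutated. Run it on a
// SAML message before trusting any identity parsed out of it.
func ValidateRoundTrip(doc []byte) error {
	first, err := tokenize(bytes.NewReader(doc))
	if err != nil {
		return fmt.Errorf("first decode: %w", err)
	}
	out, err := serialize(first)
	if err != nil {
		return fmt.Errorf("re-encode: %w", err)
	}
	second, err := tokenize(bytes.NewReader(out))
	if err != nil {
		return fmt.Errorf("second decode: %w", err)
	}
	if len(first) != len(second) {
		return fmt.Errorf("round trip changed token count from %d to %d", len(first), len(second))
	}
	for i := range first {
		if !sameToken(first[i], second[i]) {
			return fmt.Errorf("token %d mutated during round trip:\n  before: %#v\n  after:  %#v", i, first[i], second[i])
		}
	}
	return nil
}

func main() {
	docs := []struct{ name, doc string }{{"plain", PlainAssertion}, {"prefixed", PrefixedAssertion}}
	for _, d := range docs {
		if err := ValidateRoundTrip([]byte(d.doc)); err != nil {
			fmt.Printf("%s: UNSTABLE: %v\n", d.name, err)
		} else {
			fmt.Printf("%s: stable\n", d.name)
		}
	}
}
```

The design point is where the check sits: run it on the raw bytes that the signature was verified over, before the application unmarshals the assertion or re-serialises any part of it. If the check fails, reject the message outright rather than trying to repair it, because the whole problem is that the parsed result no longer matches what was signed.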

The complete findings by Mattermost researchers and the disclosure timeline are provided in their blog post.
