CVE-2024-41107
Apache CloudStack: SAML Signature Exclusion
In short
Apache CloudStack's SAML authentication (disabled by default) can be bypassed by submitting a forged SAML login response that carries no signature, allowing an attacker to impersonate any SAML-enabled user. The impact is critical because the attacker gains the full access of the impersonated account to every resource it owns or can reach.
Technical detail
CVE-2024-41107 stems from missing signature enforcement in CloudStack's SAML authentication plugin (disabled by default). In a deployment where SAML is enabled, an unauthenticated attacker who initiates SAML single sign-on can submit a forged SAML response with no cryptographic signature; because the signature is never checked, the response is accepted as long as the username (and other user details) of a SAML-enabled account are known or guessed. Successful exploitation results in complete takeover of that account and unauthorized access to the cloud resources it controls.
Summary generated and translated by AI from the official description.
The CloudStack SAML authentication (disabled by default) does not enforce the signature check. In CloudStack environments where SAML authentication is enabled, an attacker that initiates CloudStack SAML single sign-on authentication can bypass SAML authentication by submitting a spoofed SAML response with no signature and known or guessed username and other user details of a SAML-enabled CloudStack user-account. In such environments, this can result in a complete compromise of the resources owned and/or accessible by a SAML-enabled user-account.
Affected users are recommended to disable the SAML authentication plugin by setting the "saml2.enabled" global setting to "false", or upgrade to version 4.18.2.2, 4.19.1.0 or later, which addresses this issue.
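The missing check described above is a structural one: before anything in a SAML response is trusted, the service provider must refuse a response that carries no signature at all, and the signature it does find must cover the element whose contents are about to be used. The following is an added example written for this page, not CloudStack's own code, showing that gate using only the Python standard library. The two SAML responses, the username "alice", and the placeholder SignatureValue are constructed for the demonstration; the function assumes that, once the gate passes, the caller verifies the XML Signature cryptographically with an XML-DSig library, which is outside this example.

```python
# Added example (not CloudStack's own code): a defensive gate for SAML
# responses that refuses anything unsigned before any user details are trusted.
# Standard library only. Assumption: after this gate passes, the caller verifies
# the XML Signature cryptographically with an XML-DSig library; that step is
# outside this example.
import xml.etree.ElementTree as ET

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}


class SamlRejected(Exception):
    """Raised when a SAML response fails a structural check."""


def validate_response(xml_bytes: bytes, require_signature: bool = True) -> dict:
    """Parse a samlp:Response and return the asserted NameID plus which
    elements were signed. With require_signature=False the function behaves
    like a validator that ignores signatures: an unsigned response is accepted
    on the strength of its NameID alone, which is the failure mode the
    advisory describes. With the default True, unsigned responses are refused."""
    root = ET.fromstring(xml_bytes)
    if root.tag != f"{{{NS['samlp']}}}Response":
        raise SamlRejected("document is not a samlp:Response")

    assertion = root.find("saml:Assertion", NS)
    if assertion is None:
        raise SamlRejected("response carries no saml:Assertion")

    # A signature may sit on the Response, on the Assertion, or on both.
    signed = [el for el in (root, assertion) if el.find("ds:Signature", NS) is not None]
    if require_signature and not signed:
        raise SamlRejected("unsigned SAML response refused")

    # Each signature must reference the element it is attached to, so that the
    # element verified later is the one whose content is about to be trusted.
    for el in signed:
        ref = el.find("ds:Signature/ds:SignedInfo/ds:Reference", NS)
        if ref is None or ref.get("URI") != "#" + el.get("ID", ""):
            raise SamlRejected("signature Reference does not cover its enclosing element")

    name_id = assertion.findtext("saml:Subject/saml:NameID", namespaces=NS)
    if not name_id:
        raise SamlRejected("assertion has no Subject/NameID")
    return {
        "name_id": name_id,
        "signed": [el.tag.rsplit("}", 1)[1] for el in signed],
    }


# Constructed sample: a response with no ds:Signature anywhere, the shape the
# advisory warns about. The username "alice" is made up for this example.
UNSIGNED_RESPONSE = b"""<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_r1" Version="2.0">
  <samlp:Status><samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/></samlp:Status>
  <saml:Assertion ID="_a1" Version="2.0">
    <saml:Subject><saml:NameID>alice</saml:NameID></saml:Subject>
  </saml:Assertion>
</samlp:Response>"""

# Constructed sample: the same assertion carrying a ds:Signature whose Reference
# points at the assertion. SignatureValue is a placeholder, not a real signature.
SIGNED_RESPONSE = b"""<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_r2" Version="2.0">
  <samlp:Status><samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/></samlp:Status>
  <saml:Assertion ID="_a1" Version="2.0">
    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
      <ds:SignedInfo><ds:Reference URI="#_a1"/></ds:SignedInfo>
      <ds:SignatureValue>PLACEHOLDER-NOT-A-REAL-SIGNATURE</ds:SignatureValue>
    </ds:Signature>
    <saml:Subject><saml:NameID>alice</saml:NameID></saml:Subject>
  </saml:Assertion>
</samlp:Response>"""


def demo() -> dict:
    """Run the three cases a reviewer would want to see side by side."""
    results = {}
    # Lenient validator: the unsigned response is accepted on its NameID alone.
    results["unsigned_lenient"] = validate_response(UNSIGNED_RESPONSE, require_signature=False)["name_id"]
    # Strict validator: the same response is refused before NameID is read.
    try:
        validate_response(UNSIGNED_RESPONSE)
        results["unsigned_strict"] = "accepted"
    except SamlRejected as exc:
        results["unsigned_strict"] = str(exc)
    # Structurally signed response passes the gate; crypto verification follows.
    results["signed_strict"] = validate_response(SIGNED_RESPONSE)["signed"]
    return results


if __name__ == "__main__":
    for case, outcome in demo().items():
        print(f"{case}: {outcome}")
```

The lenient branch exists only to make the difference visible: with require_signature=False the validator returns "alice" from a response nobody signed, which is exactly what the advisory's "no signature and known or guessed username" describes. The strict default raises before the NameID is ever read, and the Reference check ensures the signature that will be verified afterwards is the one wrapped around the assertion being trusted.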
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected products
Apache Software Foundation · Apache CloudStack
References
https://cloudstack.apache.org/blog/security-release-advisory-cve-2024-41107
https://github.com/apache/cloudstack/issues/4519
https://lists.apache.org/thread/5q06g8zvmhcw6w3tjr6r5prqdw6zckg3
https://www.shapeblue.com/shapeblue-security-advisory-apache-cloudstack-cve-2024-41107
http://www.openwall.com/lists/oss-security/2024/07/19/1
http://www.openwall.com/lists/oss-security/2024/07/19/2