SA43667 - 2018-03 Out-of-Cycle Advisory: SAML allows authentication bypass via incorrect XML canonicalization

Product Affected: Pulse Connect Secure, Pulse Workspace, Pulse One, virtual Traffic Manager (vTM)
Multiple Pulse Secure products that implement SAML could allow an attacker who already has authenticated access to the SAML Identity Provider (IdP) to bypass authentication as a different user. The root cause is an inconsistency between XML DOM traversal APIs in their handling of comment nodes: the canonicalization used to verify the assertion's signature ignores comments, while the code that reads the asserted identity stops at the comment, so a validly signed assertion for one account can be interpreted as belonging to another.
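The following is an added illustration of the comment-node inconsistency described above; it is not code from Pulse Secure or from any affected product. It builds a constructed, minimal SAML-style assertion, inserts an empty XML comment into the NameID, and shows that the comment-free canonical form (and therefore a digest over it, standing in for the XML-DSig reference digest) is unchanged, while a consumer that reads only the first text node of NameID sees a truncated identity. The assertion markup, account names and the hardening check are assumptions made for the example. The stdlib canonicalize() implements C14N 2.0 rather than Exclusive C14N 1.0, but both drop comments, which is the property that matters here.

```python
import hashlib
import xml.etree.ElementTree as ET  # canonicalize() needs Python 3.8+
from xml.dom import minidom

# Constructed sample data (not a real assertion from any Pulse Secure product):
# a minimal SAML-style Assertion whose Subject/NameID carries the user identity.
SAML_NS = "urn:oasis:names:tc:SAML:2.0:assertion"


def build_assertion(name_id_markup: str) -> str:
    """Return a minimal assertion whose NameID content is the given markup."""
    return (
        f'<saml:Assertion xmlns:saml="{SAML_NS}" ID="_a1b2c3" Version="2.0">'
        f"<saml:Subject><saml:NameID>{name_id_markup}</saml:NameID></saml:Subject>"
        "</saml:Assertion>"
    )


# The attacker holds an IdP account identified as "user@example.com.evil.com"
# (hypothetical) and obtains a legitimately signed assertion for it ...
SIGNED_BY_IDP = build_assertion("user@example.com.evil.com")
# ... then inserts an empty XML comment into the NameID text before forwarding
# the assertion to the Service Provider.
TAMPERED = build_assertion("user@example.com<!---->.evil.com")


def canonical_digest(xml_text: str) -> str:
    """SHA-256 over the canonical form without comments, standing in for the
    XML-DSig reference digest that the IdP's signature covers."""
    canon = ET.canonicalize(xml_text, with_comments=False)
    return hashlib.sha256(canon.encode("utf-8")).hexdigest()


def _nameid_element(xml_text: str):
    doc = minidom.parseString(xml_text)
    return doc.getElementsByTagName("saml:NameID")[0]


def nameid_first_text_node(xml_text: str) -> str:
    """Vulnerable pattern: take the NameID value from its first child text node.
    A comment splits the text into two nodes, so everything after it is lost."""
    return _nameid_element(xml_text).firstChild.nodeValue


def nameid_all_text(xml_text: str) -> str:
    """Safer pattern: concatenate every text-node child and ignore comment
    nodes, which matches what the canonicalizer actually signed."""
    node = _nameid_element(xml_text)
    return "".join(c.nodeValue for c in node.childNodes if c.nodeType == c.TEXT_NODE)


def nameid_is_plain_text(xml_text: str) -> bool:
    """Hardening check (assumed policy): reject any NameID that contains
    anything other than text nodes; a comment inside NameID has no legitimate
    purpose in a SAML assertion."""
    node = _nameid_element(xml_text)
    return all(c.nodeType == c.TEXT_NODE for c in node.childNodes)


if __name__ == "__main__":
    same = canonical_digest(SIGNED_BY_IDP) == canonical_digest(TAMPERED)
    print("signature digest unchanged by the comment:", same)
    print("vulnerable SP sees   :", nameid_first_text_node(TAMPERED))
    print("correct SP sees      :", nameid_all_text(TAMPERED))
    print("NameID is plain text :", nameid_is_plain_text(TAMPERED))
```

The digest equality is the whole bug: the IdP's signature remains valid over the tampered document, so signature verification passes, and only the identity-extraction step decides whether the Service Provider logs in "user@example.com.evil.com" (the attacker's account) or "user@example.com" (the victim). Either reading all text children or rejecting NameIDs with non-text children closes the gap.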

CVE identifiers have been requested; this advisory will be updated when they are assigned.

All Pulse Secure products were evaluated; the following products are known to be affected by this issue:
  • All supported versions of Pulse Connect Secure with SAML authentication server configured as Service Provider
  • Pulse Workspace with SAML enabled
  • Pulse One with Enterprise (SAML) SSO enabled on the admin login
  • vTM 17.4 (Only) with a virtual server configured for SAML authentication.
Refer to KB43892 - What releases will Pulse Secure apply fixes to resolve security vulnerabilities? for the releases that receive fixes under our End of Engineering (EOE) and End of Life (EOL) policies.

All other Pulse Secure products (not listed above) were determined to be not vulnerable.
This issue will be resolved in the following releases:
  • Pulse Connect Secure 9.0R2
  • Pulse Connect Secure 8.3R7
  • Pulse Connect Secure 8.1R15
  • Pulse One 2.0.1820
Mitigation: Pulse Connect Secure customers who have multi-factor authentication configured reduce the likelihood of successful exploitation, but are still recommended to upgrade to a fixed release when it is available.
Document History:
March 7th, 2018 - Initial document posted
July 11th, 2018 - Added tentative fix release information for Pulse Connect Secure
Risk Assessment:
  • Pulse Connect Secure - Low
  • Pulse Workspace - Low
  • Pulse One - Low
  • vTM - Medium
Alert Type: SA - Security Advisory
Risk Level: Medium