SA43667 - 2018-03 Out-of-Cycle Advisory: SAML allow authentication bypass via incorrect XML canonicalization

Information

 
Product Affected: Pulse Connect Secure, Pulse Workspace, Pulse One, virtual Traffic Manager (vTM)
Problem
Multiple Pulse Secure products that use a SAML implementation could allow an attacker with authenticated access to a SAML Identity Provider (IdP) to bypass authentication as a different user. The cause is an inconsistency between XML DOM traversal APIs in how they handle comment nodes.

CVE identifiers have been requested, and this advisory will be updated when they are assigned.
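The inconsistency described above, shown as an added example in Python (it is not part of this advisory and not code from any Pulse Secure product): a comment node inside a SAML NameID element splits its text content into two DOM text nodes. Canonicalization with comments stripped (here Python's xml.etree.ElementTree.canonicalize) yields the joined text that a signature would cover, while a traversal that reads only the first text node sees a shorter identity. The XML fragments are constructed for the example, and the function names are the example's own. The defensive extractor concatenates all text nodes so it agrees with the canonical form, and the conservative check rejects identity fields that carry comment nodes at all.

```python
import xml.etree.ElementTree as ET
from xml.dom import minidom

SAML_NS = "urn:oasis:names:tc:SAML:2.0:assertion"

# Constructed sample fragments for this example (not real assertions, not signed).
# The comment inside NameID splits its text content into two DOM text nodes.
SUBJECT_WITH_COMMENT = (
    f'<saml:Subject xmlns:saml="{SAML_NS}">'
    '<saml:NameID>alice@example.com<!-- split -->.suffix</saml:NameID>'
    '</saml:Subject>'
)
SUBJECT_PLAIN = (
    f'<saml:Subject xmlns:saml="{SAML_NS}">'
    '<saml:NameID>alice@example.com</saml:NameID>'
    '</saml:Subject>'
)


def _name_id_element(xml_text):
    """Parse with minidom (which keeps comment nodes) and return the single NameID element."""
    doc = minidom.parseString(xml_text)
    nodes = doc.getElementsByTagNameNS(SAML_NS, "NameID")
    if len(nodes) != 1:
        raise ValueError("expected exactly one NameID element")
    return nodes[0]


def canonical_form(xml_text):
    """The bytes a signature is computed over: C14N output with comments stripped,
    so the two halves of the NameID text are joined back together."""
    return ET.canonicalize(xml_text, with_comments=False)


def extract_name_id_fragile(xml_text):
    """The traversal pattern the advisory describes: read only the first text node.
    With a comment present this returns a shorter identity than the signed bytes carry."""
    el = _name_id_element(xml_text)
    first = el.firstChild
    if first is None or first.nodeType != first.TEXT_NODE:
        return ""
    return first.data


def extract_name_id_consistent(xml_text):
    """Concatenate every text/CDATA child and skip comments, matching the canonical form."""
    el = _name_id_element(xml_text)
    return "".join(
        n.data for n in el.childNodes
        if n.nodeType in (n.TEXT_NODE, n.CDATA_SECTION_NODE)
    )


def name_id_has_comment(xml_text):
    """Hardening check: an identity field has no legitimate reason to carry comment nodes."""
    el = _name_id_element(xml_text)
    return any(n.nodeType == n.COMMENT_NODE for n in el.childNodes)


def resolve_subject(xml_text):
    """Service-provider decision: reject assertions whose NameID carries comment nodes,
    otherwise return the identity extracted consistently with canonicalization.
    Returns (verdict, value) where verdict is 'reject' or 'accept'."""
    if name_id_has_comment(xml_text):
        return ("reject", "comment node inside NameID")
    return ("accept", extract_name_id_consistent(xml_text))


if __name__ == "__main__":
    print("canonical :", canonical_form(SUBJECT_WITH_COMMENT))
    print("fragile   :", extract_name_id_fragile(SUBJECT_WITH_COMMENT))
    print("consistent:", extract_name_id_consistent(SUBJECT_WITH_COMMENT))
    print("decision  :", resolve_subject(SUBJECT_WITH_COMMENT))
```

Run as a script, the canonical form contains no comment and the joined identity, the fragile extractor returns only the first half, and the consistent extractor agrees with the canonical form. Reading all text nodes is the minimum fix; rejecting comment nodes in identity fields is the conservative one, and the rejection reason is also a useful line to log and alert on.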

All Pulse Secure products were evaluated, and the following products are known to be affected by this issue:
  • All supported versions of Pulse Connect Secure with a SAML authentication server configured as Service Provider
  • Pulse Workspace with SAML enabled
  • Pulse One with Enterprise (SAML) SSO enabled on the admin login
  • vTM 17.4 (only) with a virtual server configured for SAML authentication
Refer to KB43892 - What releases will Pulse Secure apply fixes to resolve security vulnerabilities? for our End of Engineering (EOE) and End of Life (EOL) policies.

All other Pulse Secure products (not listed above) were determined not to be vulnerable.
Solution
Update: October 29, 2018

This issue will be resolved in the following releases:
  • Pulse Connect Secure 9.0R2
  • Pulse Connect Secure 8.3R7 (tentative for end of November)
Workaround
  • Pulse Connect Secure customers with multi-factor authentication configured reduce the likelihood of the issue being exploited, but are still recommended to upgrade to a patched release when available
Document History:
March 7th, 2018 - Initial document posted
July 11th, 2018 - Adding tentative dates for Pulse Connect Secure
Risk Assessment:
  • Pulse Connect Secure - Low
  • Pulse Workspace - Low
  • Pulse One - Low
  • vTM - Medium
Alert Type: SA - Security Advisory
Risk Level: Medium