Headline
GHSA-wjmp-wphq-jvqf: Passport-wsfed-saml2 allows SAML Authentication Bypass via Signature Wrapping
Overview
This vulnerability allows an attacker to impersonate any user during SAML authentication by crafting a SAMLResponse. This can be done by using a valid SAML object that was signed by the configured IdP.
Am I Affected?
You are affected by this SAML Signature Wrapping vulnerability if you are using passport-wsfed-saml2 version 4.6.3 or below, specifically under the following conditions:
- The service provider is using
passport-wsfed-saml2, - A valid SAML document signed by the Identity Provider can be obtained.
Fix
Upgrade to v4.6.4 or greater.
- GitHub Advisory Database
- GitHub Reviewed
- CVE-2025-46572
Passport-wsfed-saml2 allows SAML Authentication Bypass via Signature Wrapping
Critical severity GitHub Reviewed Published May 6, 2025 in auth0/passport-wsfed-saml2 • Updated May 6, 2025
Package
npm passport-wsfed-saml2 (npm)
Affected versions
>= 3.0.5, <= 4.6.3
Overview
This vulnerability allows an attacker to impersonate any user during SAML authentication by crafting a SAMLResponse. This can be done by using a valid SAML object that was signed by the configured IdP.
Am I Affected?
You are affected by this SAML Signature Wrapping vulnerability if you are using passport-wsfed-saml2 version 4.6.3 or below, specifically under the following conditions:
- The service provider is using passport-wsfed-saml2,
- A valid SAML document signed by the Identity Provider can be obtained.
Fix
Upgrade to v4.6.4 or greater.
References
- GHSA-wjmp-wphq-jvqf
- auth0/passport-wsfed-saml2@e5cf3cc
Published to the GitHub Advisory Database
May 6, 2025