ComponentSpace

Forums



XML signature wrapping attacks


XML signature wrapping attacks

Author
Message
Markj
Markj
New Member
New Member (3 reputation)New Member (3 reputation)New Member (3 reputation)New Member (3 reputation)New Member (3 reputation)New Member (3 reputation)New Member (3 reputation)New Member (3 reputation)New Member (3 reputation)

Group: Awaiting Activation
Posts: 2, Visits: 2
Does the SAML 2.0 component protect against XML signature wrapping attacks?
I could not find any documentation on it.
Thanks
-Mark 
ComponentSpace
ComponentSpace
ComponentSpace Development
ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)

Group: Administrators
Posts: 3.2K, Visits: 11K
Hi Mark
We don't believe we are vulnerable to XML signature wrapping (XSW) attacks.
One of the authors of the original On Breaking SAML paper contacted us in 2012 and shortly afterwards we provided an update which prevents this type of attack.


Regards
ComponentSpace Development
Markj
Markj
New Member
New Member (3 reputation)New Member (3 reputation)New Member (3 reputation)New Member (3 reputation)New Member (3 reputation)New Member (3 reputation)New Member (3 reputation)New Member (3 reputation)New Member (3 reputation)

Group: Awaiting Activation
Posts: 2, Visits: 2
ComponentSpace - Friday, July 15, 2016
Hi Mark
We don't believe we are vulnerable to XML signature wrapping (XSW) attacks.
One of the authors of the original On Breaking SAML paper contacted us in 2012 and shortly afterwards we provided an update which prevents this type of attack.

Thanks for the quick reply.
Do you have any documentation to that affect and possibly speaking to other security related points of your component?
ComponentSpace
ComponentSpace
ComponentSpace Development
ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)

Group: Administrators
Posts: 3.2K, Visits: 11K
The following document is a statement in response to XSW.
XML Signature Wrapping Attacks
It doesn't go into details but rather identifies the versions of our SAML components that were vulnerable to these attacks.
These updates date back to 2012.
There have been no other security vulnerabilities.

Regards
ComponentSpace Development
estalillaj
estalillaj
New Member
New Member (2 reputation)New Member (2 reputation)New Member (2 reputation)New Member (2 reputation)New Member (2 reputation)New Member (2 reputation)New Member (2 reputation)New Member (2 reputation)New Member (2 reputation)

Group: Forum Members
Posts: 2, Visits: 10
ComponentSpace - 7/18/2016
The following document is a statement in response to XSW.
XML Signature Wrapping Attacks
It doesn't go into details but rather identifies the versions of our SAML components that were vulnerable to these attacks.
These updates date back to 2012.
There have been no other security vulnerabilities.

Hi, this pdf gives a 404. Do you have a valid link?
ComponentSpace
ComponentSpace
ComponentSpace Development
ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)

Group: Administrators
Posts: 3.2K, Visits: 11K
My apologies. The link should now work.

Regards
ComponentSpace Development
GO


Similar Topics


Execution: 0.000. 1 query. Compression Enabled.
Login
Existing Account
Email Address:


Password:


Select a Forum....












Forums, Documentation & Knowledge Base - ComponentSpace


Search