2014-02-14 Instructure Advisory IAC44584 - SAML Signature Wrapping

Document created by jordan@instructure.com on Sep 22, 2015Last modified by jordan@instructure.com on Sep 22, 2015
Version 2Show Document
  • View in full screen mode

    SECURITY UPDATE

Canvas + Logo transparent (WHITE)- 300px.png

 

  Release Date:2014-02-14  (Last update can be found below the document title)
  Description:SAML XML Signature Wrapping
  Criticality Level:Highly Critical ( Less Critical < Critical < Moderately Critical < Highly Critical )
  Impact:

Manipulation of data

Exposure of Sensitive Information

Privilege escalation

  Systems Affected:Canvas LMS
  Solution Status:Patched
  Discovered By:

Vladislav Mladenov, Christian Mainka, Florian Feldmann and Julian Krautwald

Horst Görtz Institute for IT-Security, http://www.nds.rub.de/chair/news/

  Relevant Changesets:

https://github.com/instructure/canvas-lms/commit/b54d2801df91bf1f9ff69dd2d70daef1c37d3e87

https://github.com/instructure/canvas-lms/commit/1587b760013449cafb9474f15b8797b989069839 


 

Summary:

An attack against Canvas' SAML single sign-on implementation was discovered by security researchers. The attack could potentially allow a malicious Canvas user to use their valid SAML credentials to forge a login as a different user at their institution, giving them access to Canvas as that other user.

 

Status:

Fixed in Canvas Cloud. Users of Canvas CV are encouraged to either update to the most recent stable code or apply the patch manually.

 

 


Attachments

    Outcomes