2014-02-14 Instructure Advisory IAC44584 - SAML Signature Wrapping
SECURITY UPDATE
Release Date: 2014-02-14 (Last update can be found below the document title)
Description: SAML XML Signature Wrapping
Criticality Level: Highly Critical (Less Critical < Critical < Moderately Critical < Highly Critical)
Impact: Manipulation of data; Exposure of Sensitive Information; Privilege escalation
Systems Affected: Canvas LMS
Solution Status: Patched
Discovered By: Vladislav Mladenov, Christian Mainka, Florian Feldmann and Julian Krautwald, Horst Görtz Institute for IT-Security, http://www.nds.rub.de/chair/news/
Relevant Changesets:
- https://github.com/instructure/canvas-lms/commit/b54d2801df91bf1f9ff69dd2d70daef1c37d3e87
- https://github.com/instructure/canvas-lms/commit/1587b760013449cafb9474f15b8797b989069839
Summary:
An attack against Canvas' SAML single sign-on implementation was discovered by security researchers. The attack could potentially allow a malicious Canvas user to use their valid SAML credentials to forge a login as a different user at their institution, giving them access to Canvas as that other user.
Status:
Fixed in Canvas Cloud. Users of Canvas CV are encouraged to either update to the most recent stable code or apply the patch manually.