Vulnerability Alert
CVE-2021-3196 Attackers Can Impersonate Another User
Severity: Critical
CVE-2021-3196 Attackers Can Impersonate Another User
Bravura Security has identified a vulnerability where attackers can impersonate another user, including higher privilege levels.
Issue
When using federated identity management (authenticating via SAML through a third-party identity provider), an attacker injects additional data into a signed SAML response being transmitted to the service provider (Bravura Security Fabric). The application successfully validates the signed values but uses the unsigned malicious values. An attacker with lower-privilege access to the application can inject the username of a high-privilege user to impersonate that user.
Affected Versions
The vulnerability affects versions 11.0.0 - 11.1.3, 12.0.0 - 12.0.2, and 12.1.0 when authentication is being done through a third-party SAML Identity Provider such as Okta, Azure, or SecureAuth.
Remediations
If your Bravura Security Fabric solution authenticates via SAML with a third party service such as Okta, Azure, or SecureAuth, please check this knowledge base article for more information. The article contains details for requesting a patch from Bravura Security if a member of our team has not already been in contact with you on this topic.
Mitigations
If you are not able to apply the recommended remediation we recommend you disable SAML integrations with third party Identity Providers and rely on built in authentication strategies.
Questions
Please contact customersuccess@hitachi-id.com if you have further questions on this topic.
Acknowledgments
Bravura Security would like to thank Michael Ellis for notifying us of this vulnerability.