Vulnerability Alert

CVE-2021-3196 Attackers Can Impersonate Another User

Severity: Critical

Hitachi ID has identified a vulnerability that allows an attacker to impersonate another user, including users with higher privileges than the attacker's own.

Issue

When federated identity management is in use (users authenticate via SAML through a third-party identity provider), an attacker who holds a legitimately signed SAML response can inject additional, unsigned elements into it before it is delivered to the service provider (Hitachi ID Bravura Security Fabric). The application verifies the signature over the original signed values but then reads the injected, unsigned values when it establishes the session, the pattern known as a signature-wrapping attack. An attacker who already has low-privilege access to the application can therefore obtain a valid signed response for their own account, insert the username of a high-privilege user, and be logged in as that user.
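The following script models the flaw described above. It is an added example, not Hitachi ID code, and it stands in for XML-DSig with an HMAC over the serialised Assertion so that it runs with only the Python standard library; the key, the response layout and the usernames are constructed for the demonstration. The vulnerable service provider verifies the one signed Assertion and then looks the username up with a document-wide search, so an unsigned Assertion injected ahead of the signed one wins; the hardened version reads the username only from the element whose signature it just checked and refuses responses that carry more than one Assertion.

```python
"""Signature-wrapping model: verify one element, read another (added example)."""
import copy
import hashlib
import hmac
import xml.etree.ElementTree as ET

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}
for _prefix, _uri in NS.items():
    ET.register_namespace(_prefix, _uri)

# Constructed secret standing in for the IdP's signing key (real SAML uses
# an asymmetric key and XML-DSig; the defect shown here is independent of that).
IDP_KEY = b"constructed-idp-signing-secret"


def _assertion_digest(assertion):
    """HMAC over the Assertion with its own Signature child removed."""
    clone = copy.deepcopy(assertion)
    sig = clone.find("ds:Signature", NS)
    if sig is not None:
        clone.remove(sig)
    return hmac.new(IDP_KEY, ET.tostring(clone), hashlib.sha256).hexdigest()


def idp_issue_response(username):
    """IdP side: a Response carrying exactly one signed Assertion for username."""
    resp = ET.Element(f"{{{NS['samlp']}}}Response", ID="_resp1")
    assertion = ET.SubElement(resp, f"{{{NS['saml']}}}Assertion", ID="_a1")
    subject = ET.SubElement(assertion, f"{{{NS['saml']}}}Subject")
    ET.SubElement(subject, f"{{{NS['saml']}}}NameID").text = username
    sig = ET.SubElement(assertion, f"{{{NS['ds']}}}Signature")
    ET.SubElement(sig, f"{{{NS['ds']}}}SignatureValue").text = _assertion_digest(assertion)
    return ET.tostring(resp)


def attacker_wrap(response_xml, target_user):
    """Low-privilege user injects an unsigned Assertion naming target_user
    ahead of the signed one; the signed Assertion itself is left untouched."""
    root = ET.fromstring(response_xml)
    fake = ET.Element(f"{{{NS['saml']}}}Assertion", ID="_injected")
    subject = ET.SubElement(fake, f"{{{NS['saml']}}}Subject")
    ET.SubElement(subject, f"{{{NS['saml']}}}NameID").text = target_user
    root.insert(0, fake)
    return ET.tostring(root)


def _verify_signed_assertion(root):
    """Return the Assertion whose signature checks out, or None."""
    for assertion in root.findall("saml:Assertion", NS):
        sig_value = assertion.find("ds:Signature/ds:SignatureValue", NS)
        if sig_value is None or sig_value.text is None:
            continue
        if hmac.compare_digest(sig_value.text, _assertion_digest(assertion)):
            return assertion
    return None


def vulnerable_sp_login(response_xml):
    """Service provider as described in the advisory: the signature check
    passes, but the username is read from wherever it appears first."""
    root = ET.fromstring(response_xml)
    if _verify_signed_assertion(root) is None:
        raise ValueError("signature invalid")
    # BUG: document-wide lookup, so an unsigned NameID placed earlier wins.
    return root.find(".//saml:NameID", NS).text


def hardened_sp_login(response_xml):
    """Fixed service provider: one Assertion only, and every value used for
    the session comes from the element the signature actually covers."""
    root = ET.fromstring(response_xml)
    if len(root.findall("saml:Assertion", NS)) != 1:
        raise ValueError("expected exactly one Assertion")
    signed = _verify_signed_assertion(root)
    if signed is None:
        raise ValueError("signature invalid")
    return signed.find("saml:Subject/saml:NameID", NS).text


if __name__ == "__main__":
    wrapped = attacker_wrap(idp_issue_response("alice"), "admin")
    print("vulnerable SP logs in:", vulnerable_sp_login(wrapped))  # admin
    try:
        hardened_sp_login(wrapped)
    except ValueError as exc:
        print("hardened SP rejects:", exc)
```

The practical check for any SAML service provider is the one the hardened function makes explicit: after verification, derive the subject, attributes and conditions from the verified element object itself, never from a fresh XPath over the whole document, and treat any response with more than one Assertion as hostile.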

Affected Versions

The vulnerability affects versions 11.0.0 - 11.1.3, 12.0.0 - 12.0.2, and 12.1.0 when authentication is performed through a third-party SAML Identity Provider such as Okta, Azure, or SecureAuth. Deployments that use only the built-in authentication methods are not affected.

Remediations

If your Hitachi ID Bravura Security Fabric solution authenticates via SAML with a third-party service such as Okta, Azure, or SecureAuth, please check this knowledge base article for more information. The article contains details for requesting a patch from Hitachi ID if a member of our team has not already been in contact with you on this topic.

Mitigations

If you are not able to apply the recommended remediation, we recommend that you disable SAML integrations with third-party Identity Providers and rely on the built-in authentication strategies. The flaw lies in how the service provider processes the SAML response, so removing the SAML login path removes the attack surface until the patch is applied.

Questions

Please contact customersuccess@hitachi-id.com if you have further questions on this topic.

Acknowledgments

Hitachi ID would like to thank Michael Ellis for notifying us of this vulnerability.