Advisory: 2020-01 SAML SSO - SimpleSAMLphp Signature validation bypass

Issue

FileCloud installations using SAML SSO can be subject to an XML Signature Wrapping (XSW) attack against a third-party library (SimpleSAMLphp), which allowed an attacker to bypass the integrity and authenticity protection of the SAML assertion and change its contents arbitrarily.

The attacker needs, however, to be able to generate a valid SAML response issued by the targeted identity provider. This means the attacker must be in possession of an account in that IdP. While this can be seen as a mitigation, it should be noted that there is no limitation for an attacker in terms of what to include in the malicious assertion. Therefore, it is possible to impersonate any identity at the targeted IdP once the attacker has any kind of account there.
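The structural check that defeats this class of bypass is to consume only the assertion the XML signature actually covers: after the cryptographic signature has been verified, resolve the ds:Reference URI and require that it points at the single assertion the service provider is about to trust, with no other element in the document carrying that ID. The following Python is an added illustration written for this advisory; it is not FileCloud or SimpleSAMLphp code. It assumes the assertion is signed at the Assertion level (not the Response level) and that the cryptographic check of the SignatureValue has already been done elsewhere, so it only enforces the binding between the signature's Reference and the consumed assertion. The SAML documents below are constructed samples.

```python
import xml.etree.ElementTree as ET

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}


class SamlStructureError(Exception):
    """Raised when the response structure does not bind the signature to the consumed assertion."""


def referenced_id(signature):
    """Return the element ID named by the signature's single same-document Reference."""
    refs = signature.findall("ds:SignedInfo/ds:Reference", NS)
    if len(refs) != 1:
        raise SamlStructureError("expected exactly one ds:Reference")
    uri = refs[0].get("URI", "")
    if not uri.startswith("#") or len(uri) < 2:
        raise SamlStructureError("only same-document references (#id) are accepted")
    return uri[1:]


def select_signed_assertion(response_xml):
    """Return the one assertion that the enveloped signature covers, or raise.

    Assumes the SignatureValue itself was already verified against the IdP key
    (assumption: that step lives in the SAML library, not here).
    """
    root = ET.fromstring(response_xml)
    # Only direct children of the Response count; nested copies are never consumed.
    assertions = root.findall("saml:Assertion", NS)
    if len(assertions) != 1:
        raise SamlStructureError("expected exactly one saml:Assertion in the Response")
    assertion = assertions[0]
    signature = assertion.find("ds:Signature", NS)
    if signature is None:
        raise SamlStructureError("assertion is not signed")
    ref_id = referenced_id(signature)
    if assertion.get("ID") != ref_id:
        raise SamlStructureError("signature reference does not name the consumed assertion")
    # The referenced ID must belong to this assertion and to nothing else in the document.
    holders = [e for e in root.iter() if e.get("ID") == ref_id]
    if len(holders) != 1 or holders[0] is not assertion:
        raise SamlStructureError("referenced ID is not unique within the document")
    return assertion


def subject_name_id(assertion):
    """Extract the NameID text from a vetted assertion."""
    node = assertion.find("saml:Subject/saml:NameID", NS)
    return node.text if node is not None else None


def rejects(response_xml):
    """True if the structural check refuses this response."""
    try:
        select_signed_assertion(response_xml)
    except SamlStructureError:
        return True
    return False


# Constructed sample: the Reference names the assertion that is consumed.
GOOD_RESPONSE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_resp1" Version="2.0">
  <saml:Assertion ID="_a1" Version="2.0">
    <saml:Issuer>https://idp.example.test</saml:Issuer>
    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
      <ds:SignedInfo><ds:Reference URI="#_a1"/></ds:SignedInfo>
      <ds:SignatureValue>BASE64-PLACEHOLDER</ds:SignatureValue>
    </ds:Signature>
    <saml:Subject><saml:NameID>alice</saml:NameID></saml:Subject>
  </saml:Assertion>
</samlp:Response>"""

# Constructed sample: the consumed assertion is not the one the Reference names.
MISMATCHED_RESPONSE = GOOD_RESPONSE.replace('<saml:Assertion ID="_a1"', '<saml:Assertion ID="_a2"')

if __name__ == "__main__":
    print("good:", subject_name_id(select_signed_assertion(GOOD_RESPONSE)))
    print("mismatched rejected:", rejects(MISMATCHED_RESPONSE))
```

The ID-uniqueness pass is the part that matters most: XSW relies on the verifier resolving the Reference to one element while the application reads attributes from another, so both halves of the check (reference equals consumed ID, and that ID occurs exactly once) have to hold before any attribute from the assertion is trusted.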

Solution

This has been fixed in FileCloud versions 19.3.0.6011 and later.

If you are using an on-premises FileCloud installation, please update to the latest version.

If you are using FileCloud online, your site has already been updated to the latest version.