Score: 7.5
CWE-345

CVE-2023-49087: Validation of SignedInfo

First published: Tue Nov 28 2023

Validation of an XML Signature requires two checks: that the hash of the referenced XML document (after any optional transformations and/or normalizations) matches the DigestValue, and that the cryptographic signature over the SignedInfo tree (the element that contains that DigestValue) verifies against a trusted public key. Within the simpleSAMLphp/xml-security library (https://github.com/simplesamlphp/xml-security), the hash is validated in SignedElementTrait::validateReference and the signature is verified in SignedElementTrait::verifyInternal (https://github.com/simplesamlphp/xml-security/blob/master/src/XML/SignedElementTrait.php):

![image](https://user-images.githubusercontent.com/841045/285817284-a7b7b3b4-768a-46e8-a34b-61790b6e23a5.png)

What stands out is that the signature is calculated over the canonical version of the SignedInfo tree, whereas the validateReference method uses the original, non-canonicalized version of SignedInfo.

### Impact

If an attacker somehow (for example by exploiting a bug in PHP's canonicalization function) managed to manipulate the canonicalized version's DigestValue, it could potentially be possible to forge the signature. No way to exploit this was found during the investigation.
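The following is an added illustration, not xml-security's own code: a minimal verifier in which the reference (DigestValue) check is read from the very same canonical SignedInfo bytes that the signature covers, so the two checks cannot diverge. It assumes HMAC-SHA256 as a stand-in for the asymmetric signature and the standard library's C14N 2.0 writer as a stand-in for exclusive C14N; the key and the sample assertion are constructed.

```python
import base64
import hashlib
import hmac
import xml.etree.ElementTree as ET

DSIG_NS = "http://www.w3.org/2000/09/xmldsig#"
DS = "{" + DSIG_NS + "}"
KEY = b"constructed-demo-key"  # constructed; stands in for the trusted verification key

def c14n(xml_text: str) -> bytes:
    """Canonicalize with the stdlib C14N 2.0 writer (stand-in for exclusive C14N)."""
    return ET.canonicalize(xml_text, strip_text=True).encode()

def build_signed_info(referenced_xml: str) -> str:
    """Constructed SignedInfo carrying the digest of the referenced element."""
    digest = base64.b64encode(hashlib.sha256(c14n(referenced_xml)).digest()).decode()
    return (f'<ds:SignedInfo xmlns:ds="{DSIG_NS}">'
            '<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>'
            '<ds:SignatureMethod Algorithm="urn:example:hmac-sha256"/>'
            '<ds:Reference URI="#_a1">'
            '<ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>'
            f'<ds:DigestValue>{digest}</ds:DigestValue>'
            '</ds:Reference></ds:SignedInfo>')

def sign(signed_info_xml: str, key: bytes) -> str:
    """HMAC over the *canonical* SignedInfo (RSA/ECDSA in a real deployment)."""
    return base64.b64encode(hmac.new(key, c14n(signed_info_xml), hashlib.sha256).digest()).decode()

def verify(signed_info_xml: str, signature_b64: str, referenced_xml: str, key: bytes) -> bool:
    canonical = c14n(signed_info_xml)  # one canonical form feeds both checks
    # Step 1: the signature must cover exactly these canonical bytes.
    expected = hmac.new(key, canonical, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, base64.b64decode(signature_b64)):
        return False
    # Step 2: read DigestValue from the same canonical bytes, not from the original
    # parse tree, so the reference check and the signature check see identical data.
    digest_value = ET.fromstring(canonical).find(f"{DS}Reference/{DS}DigestValue").text
    actual = hashlib.sha256(c14n(referenced_xml)).digest()
    return hmac.compare_digest(base64.b64decode(digest_value), actual)

ASSERTION = '<Assertion ID="_a1"><Subject>alice</Subject></Assertion>'  # constructed sample

def demo() -> tuple:
    # (valid, re-indented SignedInfo with the same canonical form, tampered content, tampered SignedInfo)
    si = build_signed_info(ASSERTION)
    sig = sign(si, KEY)
    return (verify(si, sig, ASSERTION, KEY),
            verify(si.replace("><", ">\n  <"), sig, ASSERTION, KEY),
            verify(si, sig, ASSERTION.replace("alice", "bob"), KEY),
            verify(si.replace("#_a1", "#_a2"), sig, ASSERTION, KEY))  # -> (True, True, False, False)
```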

Credit: security-advisories@github.com

| Affected Software | Affected Version | How to fix |
|---|---|---|
| composer/simplesamlphp/saml2 | =5.0.0-alpha.12 | 5.0.0-alpha.13 |
| composer/simplesamlphp/xml-security | =1.6.11 | 1.6.12 |
| SimpleSAMLphp | =5.0.0-alpha12 | |
| simpleSAMLphp xml-security | =1.6.11 | |


Frequently Asked Questions

  • What is CVE-2023-49087?

    CVE-2023-49087 is a vulnerability in the simpleSAMLphp xml-security library's XML Signature validation: the hash of the referenced XML document is checked against the non-canonicalized SignedInfo, while the signature itself is verified over the canonicalized SignedInfo.

  • How does CVE-2023-49087 impact the affected software?

    CVE-2023-49087 impacts the affected software by potentially allowing an attacker who can manipulate the canonicalized DigestValue to bypass the hash verification, forge a signature and perform unauthorized actions; no way to exploit this was found during the investigation.

  • What is the severity of CVE-2023-49087?

    CVE-2023-49087 has a severity value of 6.8, which is classified as medium.

  • How can I fix CVE-2023-49087?

    To fix CVE-2023-49087, you should update the affected software to the recommended versions: simplesamlphp/saml2 v5.0.0-alpha.13 and simplesamlphp/xml-security v1.6.12.

  • Where can I find more information about CVE-2023-49087?

    You can find more information about CVE-2023-49087 in the following references: [GitHub Advisory](https://github.com/simplesamlphp/xml-security/security/advisories/GHSA-ww7x-3gxh-qm6r), [Commit Details](https://github.com/simplesamlphp/xml-security/commit/f509e3083dd7870cce5880c804b5122317287581), and [Source Code](https://github.com/simplesamlphp/xml-security/blob/master/src/XML/SignedElementTrait.php).
