The Safewhere Identity Blog

Safewhere not affected by SAML vulnerability

Duo Security recently discovered a security vulnerability that has affected multiple SAML-based single sign-on solutions. This vulnerability allows an attacker with authenticated access to log in as a different user, even without knowing that user’s password. This means that attackers can impersonate users with greater access privileges or elevate their own privileges to obtain access to sensitive resources.

We are happy to report that users authenticating into Safewhere are not affected by this issue. The engine that Safewhere uses to parse SAML responses is built on Microsoft’s WIF (Windows Identity Foundation), which is not susceptible to the vulnerability.

You can read more information on SAML, details of the exploit and affected vendors in Duo’s announcement here: https://duo.com/blog/duo-finds-saml-vulnerabilities-affecting-multiple-implementations

If you have any further questions or concerns, don’t hesitate to contact us at info@safewhere.com or +45 7199 9007.
