
Safewhere not affected by SAML vulnerability
Duo Security recently discovered a security vulnerability that has affected multiple SAML-based single sign-on solutions. This vulnerability allows an attacker with authenticated access to log in as a different user, even without knowing that user’s password. This means that attackers can impersonate users with greater access privileges or elevate their own privileges to obtain access to sensitive resources.
We are happy to inform you that users authenticating into Safewhere are not affected by this issue. The engine that Safewhere uses to parse SAML responses is built on Microsoft’s WIF, which is not susceptible to the vulnerability.
You can read more information on SAML, details of the exploit and affected vendors in Duo’s announcement here: https://duo.com/blog/duo-finds-saml-vulnerabilities-affecting-multiple-implementations
If you have any further questions or concerns, don’t hesitate to contact us at info@safewhere.com or +45 7199 9007.