Hacker News with Generative AI: SAML

Sign in as anyone: Bypassing SAML SSO authentication with parser differentials (github.blog)
Critical authentication bypass vulnerabilities (CVE-2025-25291 + CVE-2025-25292) were discovered in ruby-saml up to version 1.17.0. Attackers who are in possession of a single valid signature that was created with the key used to validate SAML responses or assertions of the targeted organization can use it to construct SAML assertions themselves and are in turn able to log in as any user.
SAMLStorm: Critical Authentication Bypass in XML-crypto and Node.js libraries (workos.com)
On Tuesday, March 4, 2025, WorkOS received a critical security report from researcher Alexander Tan (ahacker1) detailing a zero-day vulnerability in the widely used xml-crypto and SAML libraries in the Node.js ecosystem. This flaw allows attackers to forge SAML authentication responses, potentially granting unauthorized access to any user account in affected applications—including admin accounts—without any user interaction. If exploited, this vulnerability could enable full account takeovers across organizations relying on SAML-based single sign-on (SSO).
Ruby-SAML pwned by XML signature wrapping attacks (ssoready.com)
CVE-2024-45409 was published on September 10, 2024. It’s yet another XML signature wrapping attack, this time affecting the main Ruby implementation of SAML. The vuln allows an attacker to log in as any arbitrary user of the affected system.
Visual explanation of SAML authentication (2020) (sheshbabu.com)
A Gentle Introduction to SAML (ssoready.com)