Ruby-SAML pwned by XML signature wrapping attacks | SSOReady
20-Sep-2024 503
CVE-2024-45409 was published on September 10, 2024. It’s yet another XML signature wrapping attack, this time affecting the main Ruby implementation of SAML. The vuln allows an attacker log in as any arbitrary user of the affected system.This attack keeps coming up again and again, and it keeps affecting huge swaths of the internet — this time, GitLab and much of the Ruby ecosystem — at a time.Here’s what this issue is, why it keeps happening, and what we can do about it.
Ruby-SAML pwned by XML signature wrapping attacks | SSOReady #ruby #rubydeveloper #rubyonrails #Ruby-SAML #pwned #signature #wrapping #attacks #SSOReady https://rubyonrails.ba/link/ruby-saml-pwned-by-xml-signature-wrapping-attacks-ssoready