Ruby-SAML pwned by XML signature wrapping attacks | SSOReady

20-Sep-2024 503
CVE-2024-45409 was published on September 10, 2024. It’s yet another XML signature wrapping attack, this time affecting the main Ruby implementation of SAML. The vuln allows an attacker log in as any arbitrary user of the affected system.This attack keeps coming up again and again, and it keeps affecting huge swaths of the internet — this time, GitLab and much of the Ruby ecosystem — at a time.Here’s what this issue is, why it keeps happening, and what we can do about it.
Use coupon code:

RUBYONRAILS

to get 30% discount on our bundle!
Prepare for your next tech interview with our comprehensive collection of programming interview guides. Covering JavaScript, Ruby on Rails, React, and Python, these highly-rated books offer thousands of essential questions and answers to boost your interview success. Buy our 'Ultimate Job Interview Preparation eBook Bundle' featuring 2200+ questions across multiple languages. Ultimate Job Interview Preparation eBook Bundle