SimpleSAMLphp 1.8.1 Security Fix

This is a security fix for two vulnerabilities with XML encryption in simpleSAMLphp. The two vulnerabilities are:

  • It may be possible to use an SP as an oracle to decrypt encrypted messages sent to that SP. This is the attack described in the paper “How to break XML encryption”:

    http://dx.doi.org/10.1145/2046707.2046756

  • It may be possible to use the SP as a key oracle, which can be used to forge messages from that SP by issuing 300000-2000000 queries to the SP. This mainly affects SPs that use signed authentication requests. The attack is described in “Chosen Ciphertext Attacks Against Protocols Based on the RSA Encryption Standard PKCS #1”:

    http://www.iacr.org/cryptodb/data/paper.php?pubkey=1037

    Thanks to Ian Young for alerting us to this problem.

Version 1.8.1 of simpleSAMLphp significantly complicates these attacks through two changes:

  1. Detailed exceptions are no longer displayed for decryption failures.
  2. We perform “extra” work to combat the timing attack used in the second attack.
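As an added illustration of both changes, not code from simpleSAMLphp, here is a hardened key-transport decryption in Go (chosen because its standard library carries both primitives): every failure yields one generic error, and when the RSA unwrap of the session key fails a random key is left in place, in constant time, so a forged wrapped key costs the same work and ends in the same error as any other fault. The names demoKey, wrapAndEncrypt and unwrapAndDecrypt are assumed for this example.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"errors"
)

var ErrDecrypt = errors.New("decryption failed") // the only error callers ever see

func demoKey() (*rsa.PrivateKey, error) { return rsa.GenerateKey(rand.Reader, 2048) } // SP key pair

// wrapAndEncrypt plays the sender (demo helper): a fresh AES-256 key is RSA PKCS#1
// v1.5 wrapped (XML Encryption's rsa-1_5) and the padded payload is AES-CBC encrypted.
func wrapAndEncrypt(pub *rsa.PublicKey, pt []byte) (wrapped, iv, ct []byte, err error) {
	buf := make([]byte, 32+aes.BlockSize)
	rand.Read(buf) // crypto/rand.Read never returns an error since Go 1.24
	key, iv := buf[:32], buf[32:]
	if wrapped, err = rsa.EncryptPKCS1v15(rand.Reader, pub, key); err != nil {
		return
	}
	pad := aes.BlockSize - len(pt)%aes.BlockSize
	padded := append(append([]byte{}, pt...), bytes.Repeat([]byte{byte(pad)}, pad)...)
	block, _ := aes.NewCipher(key)
	ct = make([]byte, len(padded))
	cipher.NewCBCEncrypter(block, iv).CryptBlocks(ct, padded)
	return
}

// unwrapAndDecrypt is the hardened SP side: the key buffer starts out random, and
// DecryptPKCS1v15SessionKey leaves it untouched (in constant time) on bad PKCS#1 padding.
func unwrapAndDecrypt(priv *rsa.PrivateKey, wrapped, iv, ct []byte) ([]byte, error) {
	key := make([]byte, 32)
	rand.Read(key)
	_ = rsa.DecryptPKCS1v15SessionKey(rand.Reader, priv, wrapped, key) // forged key: random key used, same work
	if len(iv) != aes.BlockSize || len(ct) == 0 || len(ct)%aes.BlockSize != 0 {
		return nil, ErrDecrypt // malformed sizes are visible to the sender anyway
	}
	block, _ := aes.NewCipher(key)
	pt := make([]byte, len(ct))
	cipher.NewCBCDecrypter(block, iv).CryptBlocks(pt, ct)
	pad := int(pt[len(pt)-1])
	if pad < 1 || pad > aes.BlockSize || !bytes.Equal(pt[len(pt)-pad:], bytes.Repeat([]byte{byte(pad)}, pad)) {
		return nil, ErrDecrypt
	}
	return pt[:len(pt)-pad], nil
}
```

Without integrity protection on the ciphertext this only narrows what an oracle can reveal, which is why the advisory speaks of complicating the attacks rather than preventing them.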

Version 1.8.1 can be downloaded from:

http://simplesamlphp.googlecode.com/files/simplesamlphp-1.8.1.tar.gz

SHA1SUM:

eb152e76374e07010de7b3b9c0bf9c1d9cabe8fa simplesamlphp-1.8.1.tar.gz

Workaround:

By disabling the display of detailed error messages, both attacks become significantly more difficult. The display of detailed errors can be disabled by setting the ‘showerrors’ option in config.php to ‘FALSE’. Note that error messages are still displayed, but without exception information.

Older releases:

We have only released an update for version 1.8. If there is interest, we can also create updates / patches for older releases. Please let us know if you are interested in this.
