A security vulnerability has been identified in various versions of the Mendix SAML module, specifically in Mendix 7, Mendix 8, and Mendix 9 compatible versions. This vulnerability allows for potential packet capture replay attacks when the non-default configuration option 'Allow Idp Initiated Authentication' is enabled. This post aims to provide a detailed explanation of the vulnerability, along with code snippets, links to original references, and information on the exploit. This vulnerability is related to an incomplete fix for the previously reported CVE-2022-37011.

Details

The Mendix SAML module provides Single Sign-On (SSO) capabilities for Mendix applications. The vulnerability is present when the 'Allow Idp Initiated Authentication' configuration option is enabled; this option is off by default and enabling it is not recommended. With the option enabled, the module does not adequately protect against packet capture replay attacks. The issue is the result of an incomplete fix for the earlier CVE-2022-37011 vulnerability.

Exploit

An attacker who is able to capture SAML packets could exploit this vulnerability by replaying the captured packets to the application, even after the SSO session they belong to has already been established. This could grant unauthorized access to Mendix applications and potentially lead to data breaches or other security issues.

Mitigation

It is recommended to disable the 'Allow Idp Initiated Authentication' configuration option, thereby ensuring the module provides sufficient protection against packet capture replay attacks. If this option is required for your use case, we strongly recommend upgrading the Mendix SAML module to the latest available version that resolves the vulnerability:

Mendix SAML (Mendix 9 compatible, Upgrade Track) - Upgrade to V3.3.4 or later

Additionally, it is important to regularly review and update your Mendix applications and modules to ensure they are protected against known security vulnerabilities.
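The replay protection that the advisory describes as missing is, in general terms, a check that a service provider makes on every incoming assertion: the assertion must fall inside its NotBefore/NotOnOrAfter window, must be addressed to this service provider, and its ID must not have been accepted before. The following is an added illustration of those checks and is not code from the Mendix SAML module or from Mendix; the XML response, the timestamps, the `sp.example.test` audience and the `alice@example.test` subject are constructed for the example, and the XML signature is assumed to have been verified by the caller before this code runs.

```python
# Added example: replay protection for an IdP-initiated SAML response.
# Illustrative code, not the Mendix SAML module's implementation.
# Assumptions: the caller has already verified the response's XML signature;
# timestamps follow the SAML UTC profile ("...Z"); the sample response
# built by make_response() is constructed for this example.
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
}


def parse_saml_time(value):
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def fmt_saml_time(dt):
    return dt.astimezone(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")


class AssertionReplayCache:
    """Remembers accepted assertion IDs until their NotOnOrAfter has passed.

    Once the window has expired the validity check rejects the assertion
    anyway, so entries can be purged without weakening the defence."""

    def __init__(self):
        self._seen = {}  # assertion ID -> NotOnOrAfter

    def purge(self, now):
        self._seen = {i: exp for i, exp in self._seen.items() if exp > now}

    def first_use(self, assertion_id, not_on_or_after, now):
        self.purge(now)
        if assertion_id in self._seen:
            return False
        self._seen[assertion_id] = not_on_or_after
        return True


def validate_response(xml_text, cache, now, expected_audience):
    """Return (accepted, reason) for one SAML Response."""
    root = ET.fromstring(xml_text)
    assertion = root.find("saml:Assertion", NS)
    if assertion is None:
        return False, "no assertion"
    assertion_id = assertion.get("ID")
    if not assertion_id:
        return False, "assertion has no ID"
    conditions = assertion.find("saml:Conditions", NS)
    if conditions is None:
        return False, "no Conditions"
    not_before = parse_saml_time(conditions.get("NotBefore"))
    not_on_or_after = parse_saml_time(conditions.get("NotOnOrAfter"))
    if now < not_before or now >= not_on_or_after:
        return False, "outside validity window"
    audiences = [a.text for a in conditions.findall("saml:AudienceRestriction/saml:Audience", NS)]
    if expected_audience not in audiences:
        return False, "audience mismatch"
    # An IdP-initiated response carries no InResponseTo, so the service
    # provider cannot tie it to a request it issued; one-time use of the
    # assertion ID is the remaining defence against a captured copy.
    if not cache.first_use(assertion_id, not_on_or_after, now):
        return False, "replayed assertion"
    return True, "accepted"


def make_response(assertion_id, not_before, not_on_or_after, audience):
    """Build a minimal, unsigned, constructed Response for the example."""
    return f"""<samlp:Response xmlns:samlp="{NS['samlp']}" xmlns:saml="{NS['saml']}" ID="_resp{assertion_id}" Version="2.0">
  <saml:Assertion ID="{assertion_id}" Version="2.0">
    <saml:Subject><saml:NameID>alice@example.test</saml:NameID></saml:Subject>
    <saml:Conditions NotBefore="{fmt_saml_time(not_before)}" NotOnOrAfter="{fmt_saml_time(not_on_or_after)}">
      <saml:AudienceRestriction><saml:Audience>{audience}</saml:Audience></saml:AudienceRestriction>
    </saml:Conditions>
  </saml:Assertion>
</samlp:Response>"""


def demo():
    """First delivery accepted, a replay rejected, an expired copy rejected."""
    cache = AssertionReplayCache()
    t0 = datetime(2022, 11, 8, 11, 15, tzinfo=timezone.utc)
    sp = "https://sp.example.test/saml"
    msg = make_response("_a1", t0 - timedelta(minutes=1), t0 + timedelta(minutes=5), sp)
    first = validate_response(msg, cache, t0, sp)
    replay = validate_response(msg, cache, t0 + timedelta(seconds=30), sp)
    late = validate_response(msg, AssertionReplayCache(), t0 + timedelta(minutes=10), sp)
    return first, replay, late


if __name__ == "__main__":
    for result in demo():
        print(result)
```

The cache must be shared by every node that terminates SSO for the application; a per-process dictionary, as used here for brevity, would let a captured response be accepted once on each node behind a load balancer.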

References

1. Original CVE information: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-44457
2. Mendix SAML module documentation: https://docs.mendix.com/appstore/modules/saml
3. Mendix security best practices: https://docs.mendix.com/howto7/general/bestpractices-security
4. Incomplete fix for CVE-2022-37011: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37011

Conclusion

The CVE-2022-44457 vulnerability highlights the importance of regular maintenance and updates for your Mendix applications and modules. By ensuring you use up-to-date modules and follow security best practices, you can protect your Mendix applications from potential attacks and maintain a secure environment for your users.

Timeline

Published on: 11/08/2022 11:15:00 UTC
Last modified on: 12/13/2022 17:15:00 UTC