wsit
  1. wsit
  2. WSIT-1652

Question: Is metro affected by XML Signature wrapping (XSW) attacks?

    Details

    • Type: Task Task
    • Status: Open
    • Priority: Blocker Blocker
    • Resolution: Unresolved
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: None
    • Labels:
      None

      Description

      There are some articles and documents rising up, that discuss the vulnerability to XSW attacks.

      See: 'On Breaking SAML: Be Whoever You Want to Be': http://www.nds.rub.de/media/nds/veroeffentlichungen/2012/08/03/BreakingSAML.pdf

      In this paper, the authors present an indepth analysis of 14 SAML frameworks and systems.
      During this analysis, they found critical XSW vulnerabilities in 11 of these frameworks. Unfortunately, metro is not analysed in this article.

      And 'XML Signature Best Practices': http://www.w3.org/TR/2012/NOTE-xmldsig-bestpractices-20120710

        Activity

        There are no comments yet on this issue.

          People

          • Assignee:
            Nithya Ramakrishnan
            Reporter:
            andreasnagel
          • Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

            Dates

            • Created:
              Updated: