CVE-2021-3196 Attackers Can Impersonate Another User
Bravura Security has identified a vulnerability where attackers can impersonate another user, including higher privilege levels.
When using federated identity management (authenticating via SAML through a third-party identity provider), an attacker injects additional data into a signed SAML response being transmitted to the service provider (Bravura Security Fabric). The application successfully validates the signed values but uses the unsigned malicious values. An attacker with lower-privilege access to the application can inject the username of a high-privilege user to impersonate that user.
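As an added illustration of the defensive check this bug class calls for (example code written for this page, not Bravura Security's own code): after the XML signature has been cryptographically verified, the service provider must read the username only from the element that the Signature's Reference actually covers, and refuse the response when that binding is ambiguous. The SAML fragments below are constructed and the SignatureValue is a placeholder; a real deployment runs the cryptographic verification with an XML-DSig library before this step.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion", "ds": "http://www.w3.org/2000/09/xmldsig#"}

def signed_assertion(root):
    """Return the one <saml:Assertion> the enveloped Signature covers.
    Assumes the Signature's cryptographic check already passed; this binds
    what was signed (Reference URI="#id") to what the application reads."""
    sigs = root.findall(".//ds:Signature", NS)
    if len(sigs) != 1:
        raise ValueError("expected exactly one Signature, found %d" % len(sigs))
    ref = sigs[0].find("ds:SignedInfo/ds:Reference", NS)
    uri = ref.get("URI", "") if ref is not None else ""
    if not uri.startswith("#"):
        raise ValueError("Reference URI must point at an element ID")
    # Resolve the ID over the whole tree: two elements with the signed ID make
    # "what was signed" ambiguous, so refuse rather than pick one.
    hits = [e for e in root.iter() if e.get("ID") == uri[1:]]
    if len(hits) != 1 or hits[0].tag != "{%s}Assertion" % NS["saml"]:
        raise ValueError("signed ID does not name exactly one Assertion")
    if sigs[0] not in list(hits[0]):
        raise ValueError("Signature is not enveloped by the Assertion it references")
    return hits[0]

def username_from_response(xml_text):
    """Read NameID only from the signed Assertion, never from sibling data."""
    name_id = signed_assertion(ET.fromstring(xml_text)).find("saml:Subject/saml:NameID", NS)
    if name_id is None or not (name_id.text or "").strip():
        raise ValueError("signed Assertion carries no NameID")
    return name_id.text.strip()

def rejects(xml_text):
    """True when the response is refused outright instead of partially trusted."""
    try:
        username_from_response(xml_text)
    except ValueError:
        return True
    return False

# Constructed samples; the SignatureValue is a placeholder, not a real digest.
SIGNED = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
 xmlns:ds="http://www.w3.org/2000/09/xmldsig#" ID="_a1"><ds:Signature><ds:SignedInfo>
 <ds:Reference URI="#_a1"/></ds:SignedInfo><ds:SignatureValue>PLACEHOLDER</ds:SignatureValue>
 </ds:Signature><saml:Subject><saml:NameID>alice</saml:NameID></saml:Subject></saml:Assertion>"""
UNSIGNED = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_a2">
 <saml:Subject><saml:NameID>someone_else</saml:NameID></saml:Subject></saml:Assertion>"""
WRAP = '<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">%s</samlp:Response>'
GOOD = WRAP % SIGNED
PADDED = WRAP % (UNSIGNED + SIGNED)  # extra unsigned Assertion alongside the signed one
DUPLICATE_ID = WRAP % (UNSIGNED.replace('ID="_a2"', 'ID="_a1"') + SIGNED)
```

The padded response still yields the signed NameID, and the duplicate-ID response is refused rather than resolved by picking the first match.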
The vulnerability affects versions 11.0.0 - 11.1.3, 12.0.0 - 12.0.2, and 12.1.0 when authentication is being done through a third-party SAML Identity Provider such as Okta, Azure, or SecureAuth.
If your Bravura Security Fabric solution authenticates via SAML with a third-party service such as Okta, Azure, or SecureAuth, please check this knowledge base article for more information. The article contains details for requesting a patch from Bravura Security if a member of our team has not already been in contact with you on this topic.
If you are not able to apply the recommended remediation, we recommend disabling SAML integrations with third-party Identity Providers and relying on the built-in authentication strategies.
Bravura Security would like to thank Michael Ellis for notifying us of this vulnerability.