FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

SOGo -- SAML user authentication impersonation

Affected packages
sogo < 5.1.1
sogo-activesync < 5.1.1
sogo2 < 2.4.1
sogo2-activesync < 2.4.1

Details

VuXML ID 69815a1d-c31d-11eb-9633-b42e99a1b9c3
Discovery 2021-06-01
Entry 2021-06-02

sogo.nu reports:

SOGo was not validating the signatures of any SAML assertions it received.

This means any actor with network access to the deployment could impersonate users when SAML was the authentication method.

References

CVE Name CVE-2021-33054
URL https://blogs.akamai.com/2021/06/sogo-and-packetfence-impacted-by-saml-implementation-vulnerabilities.html
URL https://www.sogo.nu/news/2021/saml-vulnerability.html