GHSA-JV46-XFWM-36J7

Vulnerability from github – Published: 2026-06-26 21:05 – Updated: 2026-06-26 21:05
VLAI
Summary
Relyra SAML SignatureValue not cryptographically verified -> authentication bypass
Details

Summary

Relyra 1.0.0 and 1.1.0 accept forged SAML signatures because SignatureValue was not cryptographically verified before the library returned a successful authentication result.

Details

In 1.0.0 and 1.1.0, the XMLDSig trust boundary was incomplete. :public_key.verify over the exclusive-C14N canonicalized SignedInfo was not performed against the configured IdP certificate's public key, DigestValue was not recomputed over the canonicalized referenced element, and canonicalize/2 remained an unused passthrough in the signature-verification path. The result was a structure-only acceptance path where document shape and trust-source rejection could succeed without proving the signature bytes.

Impact

A forged SignatureValue carrying an attacker-controlled NameID can be accepted as {:ok}. Any relying-party application using Relyra 1.0.0 or 1.1.0 can be logged into as an arbitrary user if it trusts the affected response path.

Patches

Relyra 1.2.0 closes the gap with real exclusive-C14N canonicalization, :public_key.verify against the configured IdP certificate's public key, and a constant-time DigestValue recompute/compare bound to the exact consumed node on both verify/4 and verify_metadata_root/4.

Workarounds

There is no safe configuration of 1.0.0 or 1.1.0. Upgrade to 1.2.0 or later.

Resources

  • Fix commit 2e45689 (wire real XMLDSig crypto into the candidate arm)
  • Fix commit 8910200 (close metadata trust bypass, pin over DER)
  • Regression proof: test/security/xml/adversarial_crypto_test.exs, test/relyra/metadata/auto_refresh_test.exs, test/security/ci_gate_integrity_test.exs
Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Hex",
        "name": "relyra"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "1.0.0"
            },
            {
              "fixed": "1.2.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-49454"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-287",
      "CWE-347"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-06-26T21:05:13Z",
    "nvd_published_at": "2026-06-18T21:16:29Z",
    "severity": "CRITICAL"
  },
  "details": "## Summary\n\nRelyra `1.0.0` and `1.1.0` accept forged SAML signatures because `SignatureValue` was not cryptographically verified before the library returned a successful authentication result.\n\n## Details\n\nIn `1.0.0` and `1.1.0`, the XMLDSig trust boundary was incomplete. `:public_key.verify` over the exclusive-C14N canonicalized `SignedInfo` was not performed against the configured IdP certificate\u0027s public key, `DigestValue` was not recomputed over the canonicalized referenced element, and `canonicalize/2` remained an unused passthrough in the signature-verification path. The result was a structure-only acceptance path where document shape and trust-source rejection could succeed without proving the signature bytes.\n\n## Impact\n\nA forged `SignatureValue` carrying an attacker-controlled `NameID` can be accepted as `{:ok}`. Any relying-party application using Relyra `1.0.0` or `1.1.0` can be logged into as an arbitrary user if it trusts the affected response path.\n\n## Patches\n\nRelyra `1.2.0` closes the gap with real exclusive-C14N canonicalization, `:public_key.verify` against the configured IdP certificate\u0027s public key, and a constant-time `DigestValue` recompute/compare bound to the exact consumed node on both `verify/4` and `verify_metadata_root/4`.\n\n## Workarounds\n\nThere is no safe configuration of `1.0.0` or `1.1.0`. Upgrade to `1.2.0` or later.\n\n## Resources\n\n- Fix commit `2e45689` (wire real XMLDSig crypto into the candidate arm)\n- Fix commit `8910200` (close metadata trust bypass, pin over DER)\n- Regression proof: `test/security/xml/adversarial_crypto_test.exs`, `test/relyra/metadata/auto_refresh_test.exs`, `test/security/ci_gate_integrity_test.exs`",
  "id": "GHSA-jv46-xfwm-36j7",
  "modified": "2026-06-26T21:05:13Z",
  "published": "2026-06-26T21:05:13Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/szTheory/relyra/security/advisories/GHSA-jv46-xfwm-36j7"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-49454"
    },
    {
      "type": "WEB",
      "url": "https://github.com/szTheory/relyra/commit/2e456897af3158c175bb490ce7fc51d6241c8922"
    },
    {
      "type": "WEB",
      "url": "https://github.com/szTheory/relyra/commit/8910200"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/szTheory/relyra"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Relyra SAML SignatureValue not cryptographically verified -\u003e authentication bypass"
}



Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Loading…

Detection rules are retrieved from Rulezet.

Loading…

Loading…