SuiteCRM – SAML authentication vulnerability

There’s a serious bug in the current implementation of SAML authentication which allows an unauthenticated attacker to log into any existing user account without a password. The details have been reported to the vendor.

The quick fix below has been tested with SuiteCRM-7.8.18 LTS but may also work with newer SuiteCRM versions.

Name                              Size   MD5
SuiteCRM-7.8.18-SAML-auth.patch   895 B  43f851518ce8147efcfdd128d06ab5ab

To apply the patch on a Linux system run the following command in the SuiteCRM root:

# patch -p0 <SuiteCRM-7.8.18-SAML-auth.patch
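Before running that command it is worth checking that the downloaded file really is the one published above (its MD5 is listed in the table) and that every hunk applies cleanly to your tree, since the patch was only tested against 7.8.18 LTS and a partially applied patch on a newer version would leave the SAML code in an undefined state. The script below is an added example, not code from the original post or from the SuiteCRM project: the file name and expected hash are the ones published above, while the helper names and the `--apply` flag are this example's own.

```shell
#!/bin/sh
# Added example (not from the original post): verify the patch's MD5 against
# the published digest, dry-run it, and only then apply it for real.
# Run from the SuiteCRM root:  sh apply-saml-patch.sh --apply
set -eu

PATCH_FILE="SuiteCRM-7.8.18-SAML-auth.patch"          # name as published
EXPECTED_MD5="43f851518ce8147efcfdd128d06ab5ab"        # digest as published

# Prints the MD5 of a file, using md5sum (coreutils) or md5 (BSD/macOS).
file_md5() {
    if command -v md5sum >/dev/null 2>&1; then
        md5sum "$1" | cut -d' ' -f1
    else
        md5 -q "$1"
    fi
}

# Returns 0 when the file's MD5 equals the expected digest, 1 otherwise.
md5_matches() {
    [ "$(file_md5 "$1")" = "$2" ]
}

# Refuses a file with the wrong digest, dry-runs the patch, and applies it
# only if every hunk fits; -N skips hunks that are already applied.
apply_patch_checked() {
    file="$1"; expected="$2"
    if ! md5_matches "$file" "$expected"; then
        echo "checksum mismatch for $file, refusing to apply" >&2
        return 1
    fi
    if ! patch -p0 --dry-run -N < "$file" >/dev/null; then
        echo "patch does not apply cleanly to this SuiteCRM tree" >&2
        return 2
    fi
    patch -p0 -N < "$file"
}

# Only touch the current directory when explicitly asked to.
if [ "${1:-}" = "--apply" ]; then
    apply_patch_checked "$PATCH_FILE" "$EXPECTED_MD5"
fi
```

If the dry run fails on a newer SuiteCRM release, compare the rejected hunks against the SAML authentication code of that version rather than forcing the patch in with fuzz.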