SuiteCRM – SAML authentication vulnerability

There’s a serious bug in the current implementation of SAML authentication which allows an unauthenticated attacker to log into any existing user account without a password. The details have been reported to the vendor.

The quick fix below has been tested with SuiteCRM-7.8.18 LTS but may also work with newer SuiteCRM versions.

Name                             Size   MD5
SuiteCRM-7.8.18-SAML-auth.patch  895 B  43f851518ce8147efcfdd128d06ab5ab

To apply the patch on a Linux system, run the following command in the SuiteCRM root directory:

# patch -p0 <SuiteCRM-7.8.18-SAML-auth.patch
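
An added example, not part of the original post: a shell wrapper that checks the downloaded patch against the size and MD5 listed above, dry-runs it, and only then applies it with backups. The function names are hypothetical, and `md5sum` and GNU `patch` are assumed to be installed.

```shell
#!/bin/sh
# Values copied from the table on this page.
PATCH_FILE="SuiteCRM-7.8.18-SAML-auth.patch"
PATCH_SIZE=895
PATCH_MD5="43f851518ce8147efcfdd128d06ab5ab"

# verify_download FILE SIZE MD5 (hypothetical helper):
# succeeds only if both the byte count and the MD5 digest match.
# MD5 catches a corrupted or truncated download; it is not tamper-proof.
verify_download() {
    [ -f "$1" ] || { echo "missing: $1" >&2; return 1; }
    actual_size=$(wc -c < "$1" | tr -d ' ')
    actual_md5=$(md5sum "$1" | cut -d' ' -f1)
    [ "$actual_size" = "$2" ] || { echo "size mismatch: $actual_size" >&2; return 1; }
    [ "$actual_md5" = "$3" ] || { echo "MD5 mismatch: $actual_md5" >&2; return 1; }
}

# apply_checked FILE SIZE MD5 (hypothetical helper):
# verify the file, dry-run the patch, then apply it keeping backups.
apply_checked() {
    verify_download "$1" "$2" "$3" || return 1
    # --dry-run reports rejected hunks without touching any file.
    patch -p0 --dry-run < "$1" || { echo "patch does not apply cleanly" >&2; return 1; }
    # -b keeps a .orig copy of every modified file for rollback.
    patch -p0 -b < "$1"
}

# Run from the SuiteCRM root; does nothing if the patch file is absent.
if [ -f "$PATCH_FILE" ]; then
    apply_checked "$PATCH_FILE" "$PATCH_SIZE" "$PATCH_MD5"
fi
```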