Reputation: 19
I have encountered a data leak recently and it turns out source code got leaked. I'm analysing everything that might come back to bite me, and one of the things is a SAML private key.
Could a private key be used with malicious intent? I understand it gives the ability to decrypt SAML requests and the possibility to create some as well, but I am far from knowledgeable on the subject.
Thanks!
Z
Upvotes: 0
Views: 419
Reputation: 5595
First, just as a note: never store any secrets in source code. There are many good solutions available for secrets management.
Next, as with any leakage of keys, change the key immediately so that it cannot be used by anyone anymore. One idea could be to try and monitor any usage of the old key to get an understanding of whether anyone is trying to use it. If you have any good logs at the other party on the SAML communication, you could try to see if there have been requests from other IPs than yours.
As for risks, take this as advice; the real risk will depend on context. If you are the SP, the private key is used to authenticate and sign when sending messages to the IdP and to decrypt messages from the IdP. Signing and auth probably include AuthnRequest, possibly Single Logout messages and the Artifact binding artifact exchange.
In an AuthnRequest there is generally not much that is sensitive to modification.
Creation or modification of SLO messages could lead to signing out users without them requesting it. Not good, but not the worst.
Compromising the exchange in the artifact binding could let the attacker get hold of the Artifact, but this is generally no worse than most cases where another binding is used.
As for decryption, it depends on the sensitivity of what you're encrypting. The basic information inside an Assertion or Response should not be sensitive by default, but you can include attributes of your own that can be sensitive, for example personal information. If an attacker gets hold of an Assertion, which is sent over the user's browser, they can read that information with your private key.
If you are an IdP, this is one of the worst cases. If the attacker can redirect IdPs to talk to their server instead of the real IdP, they can issue SAML Responses and Assertions and pretend to be any user they want into any of the connected SPs.
In this case you must really start a thorough investigation on the SPs to understand the impact.
Hope this helps. Summing up, if you are an SP there is not very much to worry about. If you're an IdP, you're in for a ride.
Upvotes: 2
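As an added example of the log review the answer suggests (not part of the answer or any product's code), the script below audits a hypothetical SAML audit log whose format and sample lines are constructed here: each line carries a timestamp, the peer IP, the SAML message type and the fingerprint of the certificate that verified the signature. It flags messages from IPs you do not own and messages still verified by the leaked key after the rotation date.

```python
"""Flag SAML messages that may involve a leaked (now rotated) signing key."""
import re
from datetime import datetime, timezone

# Hypothetical log format (constructed for this example, not a real product's):
# <ISO-8601 timestamp> <peer IP> <SAML message type> signer=<cert fingerprint>
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) (?P<msg>\w+) signer=(?P<fp>[0-9a-f:]+)$"
)

def audit(log_text, known_ips, leaked_fingerprint, rotated_at):
    """Return findings worth investigating; unparseable lines are reported too."""
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            findings.append({"line": line, "reasons": ["unparseable line"]})
            continue
        ts = datetime.fromisoformat(m["ts"].replace("Z", "+00:00"))
        reasons = []
        if m["ip"] not in known_ips:
            reasons.append("unknown source IP")
        # The old key may legitimately appear before rotation; afterwards it should never.
        if m["fp"] == leaked_fingerprint and ts >= rotated_at:
            reasons.append("leaked key used after rotation")
        if reasons:
            findings.append({"ts": m["ts"], "ip": m["ip"], "msg": m["msg"], "reasons": reasons})
    return findings

# Constructed sample log: 198.51.100.5 is "our" SP, aa:bb is the leaked cert, cc:dd the new one.
SAMPLE_LOG = """\
2024-05-01T08:00:00Z 198.51.100.5 AuthnRequest signer=aa:bb
2024-05-02T10:00:00Z 203.0.113.77 LogoutRequest signer=aa:bb
2024-05-02T11:00:00Z 198.51.100.5 AuthnRequest signer=cc:dd
2024-05-02T12:00:00Z 198.51.100.5 AuthnRequest signer=aa:bb"""

def run_example():
    return audit(
        SAMPLE_LOG,
        known_ips={"198.51.100.5"},
        leaked_fingerprint="aa:bb",
        rotated_at=datetime(2024, 5, 2, tzinfo=timezone.utc),
    )

if __name__ == "__main__":
    for f in run_example():
        print(f)
```

The last sample line (our own IP, old key, after rotation) is flagged as well, because a node that was never updated looks identical to an attacker who knows your address space and should be checked.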