Forum Discussion

Icon for Nimbostratus rank

Nimbostratus

Feb 28, 2018

Is F5 SAML implementation in APM vulnerable to the recent authentication bypass attacks via incorrect XML canonicalization and DOM traversal?

Hi all,

Duo Security has published several vulnerabilities on SAML implmentations, which apparently is related to XML canonicalization and DOM traversal.

Does anyone know if F5 implementation is vulnerable or not?

Regards

BIG-IP Access Policy Manager (APM)

Nav_126513
Nimbostratus
Feb 28, 2018
Related CERT entry
amayle_299737
Nimbostratus
Feb 28, 2018
I would also like to find out if the APM is affected. We utilise OKTA via the APM and although OKTA isn't vulnerable, I am unable to find any info on whether the APM is affected.
- amayle_299737
  Nimbostratus
  Mar 01, 2018
  Thanks Erik.
Erik
Nimbostratus
Mar 01, 2018
Hi, F5 have make a comment on this. See K54462059

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming