For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Nav_126513's avatar
Nav_126513
Icon for Nimbostratus rankNimbostratus
Feb 28, 2018

Is F5 SAML implementation in APM vulnerable to the recent authentication bypass attacks via incorrect XML canonicalization and DOM traversal?

Hi all,   Duo Security has published several vulnerabilities on SAML implmentations, which apparently is related to XML canonicalization and DOM traversal.   Does anyone know if F5 implementati...
BIG-IP Access Policy Manager (APM)
saml
security
amayle_299737's avatar
amayle_299737
Icon for Nimbostratus rankNimbostratus
Feb 28, 2018

I would also like to find out if the APM is affected. We utilise OKTA via the APM and although OKTA isn't vulnerable, I am unable to find any info on whether the APM is affected.

 

amayle_299737's avatar
amayle_299737
Icon for Nimbostratus rankNimbostratus
Mar 01, 2018

Thanks Erik.