VU#780781: Casdoor contains mu... Note

VU#780781: Casdoor contains multiple authentication bypass and access management vulnerabilities

Casdoor versions 2.362.0 and earlier are vulnerable to critical identity and access management flaws. These vulnerabilities enable wide-ranging authentication bypass and privilege escalation. Several CVEs detail flaws in Casdoor's SAML processing related to certificate handling, assertion validation, and replay protection. The social-login binding flow allows bypassing MFA requirements, and unverified email binding may lead to account takeover. Token exchange mechanisms contain flaws enabling cross-organization privilege escalation and lack of token revocation. Attackers can exploit these flaws to impersonate users, bypass MFA, and gain persistent unauthorized access. The vulnerabilities arise from issues like arbitrary certificate usage, missing audience restrictions, and the absence of SAML assertion replay protection. Time bounds in SAML assertions are not enforced, further increasing risk. The platform fails to verify the active status of tokens used for exchange. The SAML callback handler accepts unsolicited SAML responses, leading to session hijacking. The impact is significant, potentially allowing attackers to compromise accounts and escalate privileges. Currently, a patch from Casdoor is unavailable; therefore, users should implement strict identity protection.