CVE-2019-10755
Predictable Value vulnerability in pac4j-saml (Maven)


What is CVE-2019-10755 About?

CVE-2019-10755 is a Predictable Value flaw in `pac4j-saml` 3.x: SAML identifiers are generated with a cryptographically weak PRNG. The impact is potential impersonation or session hijacking, and it is easily exploitable for attackers who can predict the generated IDs. Only the `pac4j-saml` 3.x release is affected.

Affected Software

org.pac4j:pac4j-saml <3.8.2

Technical Details

The `pac4j-saml` library, specifically its 3.x release, contains a predictable value vulnerability because `SAML2Utils.java` uses Apache commons-lang3 `RandomStringUtils` to generate SAML identifiers. `RandomStringUtils` relies on a pseudo-random number generator (PRNG) that is not cryptographically strong. An attacker who observes enough generated SAML identifiers can therefore potentially predict future ones. With predictable SAML identifiers, an attacker could forge SAML assertions, impersonate users during the authentication process, or potentially hijack active SAML-based sessions by correctly guessing the expected ID, bypassing security controls that rely on the uniqueness and unpredictability of these identifiers.
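The weak and hardened forms of identifier generation side by side, as an added example that is not pac4j's code or its actual fix. `java.util.Random` stands in for the non-cryptographic PRNG described above; the class name, alphabet, ID length and seed are assumptions chosen for illustration.

```java
import java.security.SecureRandom;
import java.util.Random;

public class SamlIdDemo {
    // Assumed alphabet and length, for illustration only.
    private static final char[] ALPHABET =
        "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789".toCharArray();
    private static final int ID_LENGTH = 39;

    // One shared CSPRNG instance; SecureRandom is thread-safe and seeds itself from the OS.
    private static final SecureRandom SECURE = new SecureRandom();

    // Weak form: the caller passes a java.util.Random, a 48-bit linear
    // congruential generator whose future output follows from its state.
    static String weakId(Random rng) {
        return "_" + randomString(rng);
    }

    // Hardened form: same format, but every character comes from the CSPRNG.
    static String strongId() {
        return "_" + randomString(SECURE);
    }

    // SAML IDs are xs:ID values, so they cannot start with a digit; callers add "_".
    private static String randomString(Random rng) {
        StringBuilder sb = new StringBuilder(ID_LENGTH);
        for (int i = 0; i < ID_LENGTH; i++) {
            sb.append(ALPHABET[rng.nextInt(ALPHABET.length)]);
        }
        return sb.toString();
    }

    public static void main(String[] args) {
        long seed = 42L; // constructed seed: two generators in the same state
        Random first = new Random(seed);
        Random second = new Random(seed);
        for (int i = 0; i < 3; i++) {
            String a = weakId(first);
            String b = weakId(second);
            // Identical state yields identical IDs, which is what "predictable" means here.
            System.out.println(a + " matches replay: " + a.equals(b));
        }
        // The CSPRNG has no small recoverable state to replay.
        System.out.println(strongId());
        System.out.println(strongId());
    }
}
```

When reviewing a code base for this class of flaw, the check is whether any security-relevant identifier is drawn from `java.util.Random` or a helper built on it rather than from `SecureRandom`.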

What is the Impact of CVE-2019-10755?

Successful exploitation may allow attackers to impersonate legitimate users, bypass authentication, hijack user sessions, or undermine the integrity of SAML-based authentication systems.

What is the Exploitability of CVE-2019-10755?

Exploitation of this predictable value vulnerability is of moderate complexity, as it requires an attacker to gather enough generated SAML identifiers to analyze the PRNG's state and predict future outputs. Authentication may be required initially to observe the SAML messages. This is typically a remote attack, involving interception and analysis of SAML traffic. Prerequisites include the use of pac4j-saml 3.x within an application. The primary risk factor increasing exploitation likelihood is the reliance on these SAML identifiers for security-sensitive operations, coupled with the inherent predictability of the weak PRNG, making it possible for a determined attacker to bypass authentication or session integrity checks.

What are the Known Public Exploits?

No known exploits.

What are the Available Fixes for CVE-2019-10755?

Available Upgrade Options

  • org.pac4j:pac4j-saml
    • <3.8.2 → Upgrade to 3.8.2


Additional Resources

What are Similar Vulnerabilities to CVE-2019-10755?

Similar Vulnerabilities: CVE-2019-16942, CVE-2018-1000180, CVE-2017-7525, CVE-2016-1000338, CVE-2015-0238