CVE-2024-32962 Overview
CVE-2024-32962 is a critical signature verification bypass vulnerability in xml-crypto, a popular XML digital signature and encryption library for Node.js. The vulnerability exists because the default configuration does not verify the authorization of the signer—it only validates the mathematical correctness of the signature per section 3.2.2 of the W3C xmldsig-core specification. This fundamental design flaw allows malicious actors to re-sign XML documents with attacker-controlled certificates and pass default validation checks.
Critical Impact
An attacker can completely bypass XML signature verification by replacing legitimate signatures with attacker-generated signatures and embedding a malicious certificate in the <KeyInfo /> element. This undermines the entire trust model of XML digital signatures, potentially enabling authentication bypass, SAML assertion forgery, and complete identity spoofing in applications relying on xml-crypto for security-critical operations.
Affected Products
- xml-crypto versions 4.0.0 through 5.x (prior to version 6.0.0)
- Node.js applications using vulnerable xml-crypto versions for XML signature verification
- SAML implementations and identity providers relying on xml-crypto
Discovery Timeline
- 2024-05-02 - CVE CVE-2024-32962 published to NVD
- 2024-11-21 - Last updated in NVD database
Technical Details for CVE-2024-32962
Vulnerability Analysis
This vulnerability represents a Certificate Validation Bypass (CWE-347: Improper Verification of Cryptographic Signature) that fundamentally compromises the trust model of XML digital signatures. The root issue stems from how xml-crypto handles certificate extraction and validation during signature verification.
When processing a digitally signed XML document, xml-crypto's default behavior extracts and trusts any certificate embedded within the <KeyInfo /> element of the signature. The library verifies that the signature is mathematically valid using this certificate but fails to validate whether the certificate itself is trusted or authorized for the signing operation. This creates a critical gap where an attacker can forge documents by creating their own key pair, signing an arbitrary or modified XML document, and embedding their certificate directly in the document's <KeyInfo /> element.
The vulnerability was introduced in version 4.0.0 through changes in pull request #301 (commit c2b83f98). Additionally, even when applications explicitly configure a trusted certificate via the publicCert option, xml-crypto preferentially uses the certificate from the XML document's <KeyInfo /> element, completely bypassing the intended certificate pinning mechanism.
Root Cause
The root cause is improper verification of cryptographic signatures as defined by CWE-347. The xml-crypto library implements only the signature validation portion of the W3C XML Signature specification without implementing the critical signer authorization verification step. The getCertFromKeyInfo function extracts certificates from XML documents and returns them for use in signature verification without any authorization checks. This design trusts certificates solely because they are present in a digitally signed document, rather than validating them against a known trusted certificate authority or pinned certificate list.
Attack Vector
The attack vector is network-based and requires no authentication or user interaction. An attacker exploits this vulnerability through the following process:
- The attacker generates a new RSA or EC key pair under their control
- The attacker obtains or creates an XML document they wish to forge (such as a SAML assertion)
- The attacker signs the XML document using their private key
- The attacker embeds their public certificate in the <KeyInfo /> element of the signature
- The forged document is submitted to an application using vulnerable xml-crypto
- xml-crypto extracts the attacker's certificate from <KeyInfo /> and validates the signature
- Since the signature is mathematically valid against the embedded certificate, validation succeeds
The attack is particularly dangerous for SAML-based single sign-on (SSO) implementations, where attackers can forge authentication assertions to impersonate any user. Applications using xml-crypto to verify signed API requests, configuration files, or any trusted XML data are similarly vulnerable.
Detection Methods for CVE-2024-32962
Indicators of Compromise
- Unusual or unexpected certificates appearing in XML document <KeyInfo /> elements that don't match known trusted certificates
- Authentication events with valid SAML assertions but certificates issued by unknown or suspicious certificate authorities
- XML signatures where the signing certificate was recently created or has unusual metadata
- Log entries showing successful signature verification but with certificate fingerprints not in the trusted certificate store
Detection Strategies
- Implement application-level logging that captures certificate details (issuer, subject, fingerprint) during XML signature verification operations
- Compare certificates used in signature verification against a whitelist of known trusted certificates in application logs
- Monitor for SAML assertions or signed XML documents where the certificate issuer does not match expected identity providers
- Deploy network monitoring to detect XML documents with self-signed or internally-generated certificates being submitted to applications
Monitoring Recommendations
- Enable detailed audit logging for all authentication events in applications using xml-crypto
- Implement certificate fingerprint tracking and alerting when unknown certificates are used for signature verification
- Monitor Node.js application dependencies and alert on xml-crypto versions prior to 6.0.0
- Establish baseline certificate usage patterns and alert on deviations or new certificate authorities
How to Mitigate CVE-2024-32962
Immediate Actions Required
- Upgrade xml-crypto to version 6.0.0 or later immediately, as this version addresses the vulnerability through pull request #445 (commit 21201723d)
- Review all applications using xml-crypto and prioritize those handling authentication (SAML), authorization, or sensitive data signing
- Implement certificate validation as a defense-in-depth measure by checking extracted certificates against trusted sources before accepting validation results
- Audit recent authentication logs for any suspicious certificate usage that may indicate prior exploitation
Patch Information
The vulnerability has been addressed in xml-crypto version 6.0.0. The fix was implemented in commit 21201723d as part of pull request #445. Users should upgrade to this version or later. Additional vendor security information is available in the GitHub Security Advisory GHSA-2xp3-57p7-qf4v and the NetApp Security Advisory NTAP-20240705-0003.
Workarounds
- Validate certificates extracted via getCertFromKeyInfo against a list of trusted certificates before accepting signature verification results
- Configure getCertFromKeyInfo to return undefined by setting it to () => undefined, forcing xml-crypto to use an explicitly configured publicCert or privateKey for signature verification
- Implement application-level certificate pinning to reject any certificate not matching pre-configured trusted certificates
- Deploy Web Application Firewall (WAF) rules to inspect and reject XML documents with unexpected certificate values in <KeyInfo /> elements
// Workaround: Disable certificate extraction from XML documents
const { SignedXml } = require('xml-crypto');
const sig = new SignedXml();
// Force xml-crypto to use explicitly configured certificate
sig.getCertFromKeyInfo = () => undefined;
// Configure your trusted public certificate
sig.publicCert = trustedCertificatePEM;
// Now signature verification will only use the trusted certificate
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.
