CVE-2024-41107 PoC — Apache CloudStack: SAML Signature Exclusion

Source

https://github.com/d0rb/CVE-2024-41107

Associated Vulnerability

Title:Apache CloudStack: SAML Signature Exclusion (CVE-2024-41107)
Description:The CloudStack SAML authentication (disabled by default) does not enforce signature check. In CloudStack environments where SAML authentication is enabled, an attacker that initiates CloudStack SAML single sign-on authentication can bypass SAML authentication by submitting a spoofed SAML response with no signature and known or guessed username and other user details of a SAML-enabled CloudStack user-account. In such environments, this can result in a complete compromise of the resources owned and/or accessible by a SAML enabled user-account. Affected users are recommended to disable the SAML authentication plugin by setting the "saml2.enabled" global setting to "false", or upgrade to version 4.18.2.2, 4.19.1.0 or later, which addresses this issue.

Description

This repository contains an PoC for the critical vulnerability identified as CVE-2024-41107 in Apache CloudStack

Readme

<div align="center">

 #  🇮🇱  **#BringThemHome #NeverAgainIsNow**   🇮🇱

**We demand the safe return of all citizens who have been taken hostage by the terrorist group Hamas. We will not rest until every hostage is released and returns home safely. You can help bring them back home.
https://stories.bringthemhomenow.net/**

</div>
# 🚀 CVE-2024-41107 Exploit 🚀

This repository contains an exploit for the critical vulnerability identified as **CVE-2024-41107** in Apache CloudStack. This vulnerability affects versions **4.5.0 through 4.18.2.1** and **4.19.0.0 through 4.19.0.2**. The flaw lies within the Security Assertion Markup Language (SAML) authentication mechanism, allowing attackers to submit unsigned SAML responses to gain unauthorized access to user accounts and control over cloud resources.

## ⚠️ Disclaimer ⚠️

This code is for **educational purposes only**. Unauthorized access to computer systems is illegal and unethical. Use this information responsibly and within the boundaries of the law.

## ✨ Features ✨

- Exploits the SAML authentication vulnerability in Apache CloudStack
- Bypasses signature checks to gain unauthorized access
- Demonstrates the critical nature of CVE-2024-41107

## 🛠️ Requirements 🛠️

- Python 3.x
- `requests` library
- `beautifulsoup4` library

Install the required libraries using:

```bash
pip install requests beautifulsoup4
```

## 📄 Usage 📄

1. **Clone the repository:**

```bash
git clone https://github.com/d0rb/CVE-2024-41107/PoC.git
cd cve-2024-41107-exploit
```

2. **Edit the Exploit Code:**

Update the `url` and `saml_response_template` variables in `exploit.py` with the target CloudStack instance and your SAML issuer details.

3. **Run the Exploit:**

```bash
python exploit.py
```

4. **Check the Response:**

If successful, the script will print the session ID indicating unauthorized access.


## 🔒 Mitigation 🔒

To mitigate this vulnerability, users are advised to:

- Disable SAML authentication by setting the `saml2.enabled` global setting to `false`.
- Upgrade to the patched versions **4.18.2.2** or **4.19.1.0** released by Apache.
- Review access logs for signs of exploitation.



---

⚠️ **Disclaimer:** This code is for educational purposes only. Unauthorized use of this code is illegal. Always ensure you have permission before testing against any system.

File Snapshot


 [4.0K]  /data/pocs/cefefa8a1a80dfa95e6cccb0bf906cf707820d50
├── [3.4K]  PoC.py
└── [2.3K]  README.md

0 directories, 2 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.

View subscription plans →

Goal Reached Thanks to every supporter — we hit 100%!