Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/absholi7ly/Bypass-authentication-GitHub-Enterprise-Server
The authentication bypass vulnerability in GitHub Enterprise Server (GHES) allows an unauthorized attacker to access an instance of GHES without requiring pre-authentication. The vulnerability affects all GHES versions prior to 3.13.0.
Last synced: 3 months ago
- Host: GitHub
- URL: https://github.com/absholi7ly/Bypass-authentication-GitHub-Enterprise-Server
- Owner: absholi7ly
- Created: 2024-05-21T04:51:46.000Z (6 months ago)
- Default Branch: main
- Last Pushed: 2024-05-21T05:02:21.000Z (6 months ago)
- Last Synced: 2024-06-07T08:13:40.698Z (5 months ago)
- Size: 4.88 KB
- Stars: 45
- Watchers: 2
- Forks: 3
- Open Issues: 0
Metadata Files:
- Readme: README.md
README
# Bypass-authentication-GitHub-Enterprise-Server CVE-2024-4985
The authentication bypass vulnerability in GitHub Enterprise Server (GHES) allows an unauthorized attacker to access an instance of GHES without requiring pre-authentication. The vulnerability affects all GHES versions prior to 3.13.0.

## Technical vulnerability details:
The vulnerability lies in the way GHES handles encrypted SAML claims.
An attacker could create a fake SAML claim that contains correct user information.
When GHES processes a fake SAML claim, it will not be able to validate its signature correctly, allowing an attacker to gain access to the GHES instance.

## PoC:
Steps:
* Open your penetration testing tool.
* Create a Web Connection Request.
* Select the "GET" request type.
* Enter your GHES URL.
* Add a fake SAML Assertion parameter to your request. You can find an example of a fake SAML Assertion parameter in the GitHub documentation.
* Check the GHES response.
* If the response contains an HTTP status code of 200, it has successfully bypassed authentication using the fake SAML Assertion parameter.
* If the response contains a different HTTP status code, it did not succeed in bypassing authentication.

------------------------------------------------------------------
Note: I'm going to synthesize an example using a dummy URL (https://your-ghes-instance.com). Be sure to replace it with your real GHES URL.
In this example, we'll assume that your GHES URL is https://your-ghes-instance.com. We'll use a fake SAML Assertion parameter that looks like this:
```
https://your-ghes-instance.com
jdoe
urn:oasis:names:tc:SAML:2.0:methodName:password
Acme Corporation
[email protected]
```