Are there any SAML vulnerabilities in your Okta or OneLogin implementations?


Reports released today by Duo (third party link) show there are multiple vulnerabilities in SAML via the XML layer that could potentially be exploited to allow unauthenticated users access to a service like Teamable (in cases where customers are using SAML, e.g. OneLogin or Okta).

Okta also released a note (third party link) detailing how this exploit impacts those using the Okta service.

At Teamable, the security of your account and data is of paramount importance.

We have completed a rigorous review and have made the following impact assessment:

Okta customers are not impacted, as the service we rely on, pysaml2, is not affected by this vulnerability.

For OneLogin customers, we have upgraded to python-saml v2.4.0 to patch the vulnerability.

If you have any further questions, please contact support@teamable.com.

 
