Atlassian SAML Single Sign-On Bypass

Web App Scanning Plugin ID 114110

Synopsis

Atlassian SAML Single Sign-On Bypass

Description

When the resolution Reichert Network Solutions GmbH plugin is used for SSO authentication on Atlassian Jira Server, Atlassian Jira Data Center, Atlassian Confluence Server, Atlassian Confluence Data Center, Atlassian Bitbucket Server, Atlassian Bitbucket Data Center, Atlassian Bamboo 5 and Atlassian Bamboo 6, the username/password login page can, by default, be accessed by adding the parameter nosso to the login page URL, which bypasses the redirection to a Single Sign-On (SSO) page.

Solution

Review the plugin configuration. If this behavior is not expected, it can be disabled in the redirection tab of the add-on's configuration.
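To see whether the nosso parameter is actually being used against an instance, the access logs can be searched for it. The following is an added example, not part of the plugin or of the vendor's documentation. It assumes access logs in common/combined log format; the function names and the sample log lines are constructed for illustration.

```python
import re
from collections import Counter
from urllib.parse import urlsplit, parse_qs

# Assumes common/combined access log format; adjust for your proxy or Tomcat valve.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]*\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" (?P<status>\d{3})'
)

def has_nosso(target):
    """True if the request target has a query parameter named nosso."""
    query = urlsplit(target).query
    # keep_blank_values: the parameter may arrive bare (?nosso) or as nosso=1.
    # parse_qs also percent-decodes names, so %6eosso is caught as well.
    params = parse_qs(query, keep_blank_values=True)
    # Case-insensitive match is a deliberately broad choice for detection.
    return any(name.lower() == "nosso" for name in params)

def find_nosso_requests(lines):
    """Return (client_ip, target, status) for every request carrying nosso."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if m and has_nosso(m.group("target")):
            hits.append((m.group("ip"), m.group("target"), int(m.group("status"))))
    return hits

def hits_per_client(hits):
    """Count nosso requests per client address to spot repeated use."""
    return Counter(ip for ip, _, _ in hits)

# Constructed sample lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [17/Nov/2023:10:00:01 +0000] "GET /login.jsp HTTP/1.1" 302 0',
    '198.51.100.7 - - [17/Nov/2023:10:00:05 +0000] "GET /login.jsp?nosso HTTP/1.1" 200 5120',
    '198.51.100.7 - - [17/Nov/2023:10:00:09 +0000] "GET /login.action?os_destination=%2F&%6eosso=1 HTTP/1.1" 200 4800',
    '192.0.2.10 - - [17/Nov/2023:10:00:12 +0000] "GET /browse/nosso?nossomething=1 HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    found = find_nosso_requests(SAMPLE_LOG)
    for ip, target, status in found:
        print(f"{ip} {status} {target}")
    print(dict(hits_per_client(found)))
```

Matching on the parsed parameter name rather than on the substring avoids false hits on paths or parameters that merely contain "nosso".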

See Also

https://wiki.resolution.de/doc/saml-sso/latest/all/further-configuration/disable-password-login-with-nosso-parameter-v2-1-0

Plugin Details

Severity: Info

ID: 114110

Type: remote

Published: 11/17/2023

Updated: 11/17/2023

Scan Template: basic, config_audit, full, overview, pci, quick, scan