|Category:||Internal Data Exposure|
During internal review, we discovered that instances using SAML for single sign on store secrets in the database.
The Common Vulnerabilities and Exposures (CVE) project has assigned the name CVE-2015-6671 to this issue. This is an entry on the CVE list (http://cve.mitre.org), which standardizes names for security problems.
With this change in place, instance administrators can opt to store the instance’s SAML private key and OAuth2 secrets in either the database or in ~/lms.auth.json. The former is kept for backwards compatibility; the latter is now the preferred, more secure option.
Storing the keys in the database in plain text was not in itself a vulnerability, but created more surface area for a potential attack: In the event that an adversary were able to exploit some other vulnerability and gain access to a copy of the database, such as a backup or a read replica, then they would also have access to the SAML private key.
The bug was fixed in this commit.