CVE-2026-46423
RocketChat · Rocket.Chat
Rocket.Chat's SAML implementation fails to validate signatures when no IdP certificate is configured, allowing unauthenticated attackers to bypass authentication.
Executive summary
A critical authentication bypass in Rocket.Chat allows unauthenticated attackers to gain unauthorized access due to a failure in SAML signature validation.
Vulnerability
The SAML service provider implementation contains a fail-open design where signature validation is skipped if the IdP certificate is missing. Because this is the default state, an unauthenticated attacker can submit forged SAML assertions to gain unauthorized access.
Business impact
With a CVSS score of 9.3, this flaw represents a complete breakdown of the authentication mechanism. Successful exploitation grants attackers full access to the Rocket.Chat platform, potentially exposing all internal communications, user data, and sensitive workspace information, leading to a catastrophic data breach.
Remediation
Immediate Action: Apply the vendor-provided security updates (8.5.0, 8.4.1, 8.3.3, etc.) without delay to enforce mandatory SAML signature validation.
Proactive Monitoring: Audit SAML configuration settings to ensure a valid IdP certificate is properly defined and monitor login logs for suspicious authentication patterns.
Compensating Controls: Temporarily disable SAML authentication if an immediate update cannot be performed, reverting to local authentication or other secure methods.
Exploitation status
Public Exploit Available: No
Analyst recommendation
This is an authentication-bypass class vulnerability that requires immediate attention. Organizations using SAML for Rocket.Chat must treat this as a high-priority incident and apply the relevant patches to ensure the integrity of their authentication processes.