![](\"https:\/\/dulieu.antoanthongtin.gov.vn\/tapchiantoanthongtin\/4c94532f-5e28-4ead-9a91-4c79912d5453\/login-prompt.png\")
<\/p>\nSamlify l\u00e0 m\u1ed9t th\u01b0 vi\u1ec7n x\u00e1c th\u1ef1c gi\u00fap c\u00e1c nh\u00e0 ph\u00e1t tri\u1ec3n t\u00edch h\u1ee3p SAML SSO v\u00e0 Single Log-Out (SLO) v\u00e0o c\u00e1c \u1ee9ng d\u1ee5ng Node.js. \u0110\u00e2y l\u00e0 m\u1ed9t c\u00f4ng c\u1ee5 ph\u1ed5 bi\u1ebfn \u0111\u1ec3 x\u00e2y d\u1ef1ng ho\u1eb7c k\u1ebft n\u1ed1i v\u1edbi c\u00e1c nh\u00e0 cung c\u1ea5p \u0111\u1ecbnh danh (IdP) v\u00e0 nh\u00e0 cung c\u1ea5p d\u1ecbch v\u1ee5 (SP) b\u1eb1ng SAML.<\/p>\n
Th\u01b0 vi\u1ec7n \u0111\u01b0\u1ee3c s\u1eed d\u1ee5ng b\u1edfi c\u00e1c n\u1ec1n t\u1ea3ng SaaS, c\u00e1c t\u1ed5 ch\u1ee9c tri\u1ec3n khai SSO cho c\u00e1c c\u00f4ng c\u1ee5 n\u1ed9i b\u1ed9, c\u00e1c nh\u00e0 ph\u00e1t tri\u1ec3n t\u00edch h\u1ee3p v\u1edbi IdP nh\u01b0\u00a0Azure<\/a>\u00a0AD ho\u1eb7c Okta. Th\u01b0 vi\u1ec7n n\u00e0y r\u1ea5t ph\u1ed5 bi\u1ebfn, \u0111\u1ea1t h\u01a1n 200.000 l\u01b0\u1ee3t t\u1ea3i xu\u1ed1ng h\u00e0ng tu\u1ea7n tr\u00ean\u00a0npm<\/a>.<\/p>\n L\u1ed7 h\u1ed5ng n\u00e0y \u0111\u01b0\u1ee3c theo d\u00f5i v\u1edbi t\u00ean g\u1ecdi CVE-2025-47949, \u0111\u01b0\u1ee3c \u0111\u00e1nh gi\u00e1 nghi\u00eam tr\u1ecdng (\u0111i\u1ec3m CVSS v4.0: 9.9) \u1ea3nh h\u01b0\u1edfng \u0111\u1ebfn t\u1ea5t c\u1ea3 c\u00e1c phi\u00ean b\u1ea3n Samlify tr\u01b0\u1edbc 2.10.0. Theo c\u00e1c nh\u00e0 nghi\u00ean c\u1ee9u, Samlify x\u00e1c minh \u0111\u00fang r\u1eb1ng t\u00e0i li\u1ec7u XML cung c\u1ea5p \u0111\u1ecbnh danh c\u1ee7a ng\u01b0\u1eddi d\u00f9ng \u0111\u00e3 \u0111\u01b0\u1ee3c k\u00fd. Tuy nhi\u00ean, n\u00f3 v\u1eabn ti\u1ebfp t\u1ee5c \u0111\u1ecdc c\u00e1c Assertions (SAML Assertions ch\u1ee9a th\u00f4ng tin v\u1ec1 ng\u01b0\u1eddi d\u00f9ng, quy\u1ec1n truy c\u1eadp v\u00e0 c\u00e1c thu\u1ed9c t\u00ednh kh\u00e1c) gi\u1ea3 m\u1ea1o t\u1eeb m\u1ed9t ph\u1ea7n c\u1ee7a XML kh\u00f4ng \u0111\u01b0\u1ee3c k\u00fd.<\/p>\n