CVE-2015-1796

2015-07-08T15:59:00
ID CVE-2015-1796
Type cve
Reporter cve@mitre.org
Modified 2016-11-30T02:59:00

Description

The PKIX trust engines in Shibboleth Identity Provider before 2.4.4 and OpenSAML Java (OpenSAML-J) before 2.6.5 trust candidate X.509 credentials when no trusted names are available for the entityID, which allows remote attackers to impersonate an entity via a certificate issued by a shibmd:KeyAuthority trust anchor.