CVE-2017-11429

2019-04-17T14:29:00
ID CVE-2017-11429
Type cve
Reporter cve@mitre.org
Modified 2019-04-18T18:14:00

Description

Clever saml2-js 2.0 and earlier may incorrectly utilize the results of XML DOM traversal and canonicalization APIs in such a way that an attacker may be able to manipulate the SAML data without invalidating the cryptographic signature, allowing the attack to potentially bypass authentication to SAML service providers.