JVN#79546124: OpenAM (Open Source Edition) vulnerable to authentication bypass

2017-11-01T00:00:00
ID JVN:79546124
Type jvn
Reporter Japan Vulnerability Notes
Modified 2017-11-01T00:00:00

Description

## Description

OpenAM (Open Source Edition) contains an authentication bypass vulnerability.

## Impact

A user may bypass login authentication and access contents for which permissions are not granted.

## Solution

Apply the Patch
Patch for this vulnerabiity has been released by Open Source Solution Technology Corporation.
Apply the patch according to the information provided by Open Source Solution Technology Corporation.

## Products Affected

  • OpenAM (Open Source Edition) This vulnerability may affect the system where OpenAM (all versions of the open source edition) is configured as an SAML 2.0 IdP and is set to switch authentication methods by types of AuthnContext requests that are sent from the service provider.