Lucene search
PRIOn knowledge basePRION:CVE-2015-5372HistorySep 28, 2015 - 4:59 p.m.
Code injection
2015-09-2816:59:00
PRIOn knowledge base
www.prio-n.com
1
The SAML 2.0 implementation in AdNovum nevisAuth 4.13.0.0 before 4.18.3.1, when using SAML POST-Binding, does not match all attributes of the X.509 certificate embedded in the assertion against the certificate from the identity provider (IdP), which allows remote attackers to inject arbitrary SAML assertions via a crafted certificate.
References
packetstormsecurity.com/files/133628/nevisAuth-Authentication-Bypass.html
seclists.org/fulldisclosure/2015/Sep/87
www.securityfocus.com/archive/1/536508/100/0/threaded
blog.csnc.ch/2015/09/saml-sp-authentication-bypass-vulnerability-in-nevisauth
www.csnc.ch/misc/files/advisories/CVE-2015-5372_AdNovum_nevisAuth_Authentication_Bypass.txt
Related
cvelist
cvelist
CVE-2015-5372
2015-09-28 16:00:00
cve
cve
CVE-2015-5372
2015-09-28 16:59:05
nvd
nvd
CVE-2015-5372
2015-09-28 16:59:05
zdt
zdt
nevisAuth Authentication Bypass Vulnerability
2015-09-22 00:00:00