Authentication flaw

2017-11-0215:29:00

PRIOn knowledge base

www.prio-n.com

8 High

AI Score

Confidence

High

0.004 Low

EPSS

Percentile

73.7%

JSON

OpenAM (Open Source Edition) allows an attacker to bypass authentication and access unauthorized contents via unspecified vectors. Note that this vulnerability affects OpenAM (Open Source Edition) implementations configured as SAML 2.0IdP, and switches authentication methods based on AuthnContext requests sent from the service provider.

CPENameOperatorVersion
openamge9.5.5
openamle9.5.5
openamge11.0.0
openamle11.0.0
openamge13.0.0
openamle13.0.0

Name	Operator	Version
openam	ge	9.5.5
openam	le	9.5.5
openam	ge	11.0.0
openam	le	11.0.0
openam	ge	13.0.0
openam	le	13.0.0

References

jvn.jp/en/jp/JVN79546124/

www.cs.themistruct.com/

www.osstech.co.jp/support/am2017-2-1-en