Lucene search
PRIOn knowledge basePRION:CVE-2021-23365HistoryApr 26, 2021 - 10:15 a.m.
Authentication flaw
2021-04-2610:15:00
PRIOn knowledge base
www.prio-n.com
3
The package github.com/tyktechnologies/tyk-identity-broker before 1.1.1 are vulnerable to Authentication Bypass via the Go XML parser which can cause SAML authentication bypass. This is because the XML parser doesn’t guarantee integrity in the XML round-trip (encoding/decoding XML data).
| CPE | Name | Operator | Version |
|---|---|---|---|
| tyk-identity-broker | lt | 1.1.1 |
References
github.com/TykTechnologies/tyk-identity-broker/commit/243092965b0f93a95a14cb882b5b9a3df61dd5c0
github.com/TykTechnologies/tyk-identity-broker/commit/46f70420e0911e4e8b638575e29d394c227c75d0
github.com/TykTechnologies/tyk-identity-broker/pull/147
github.com/TykTechnologies/tyk-identity-broker/releases/tag/v1.1.1
snyk.io/vuln/SNYK-GOLANG-GITHUBCOMTYKTECHNOLOGIESTYKIDENTITYBROKER-1089720
Related
cvelist
cvelist
CVE-2021-23365 Authentication Bypass
2021-04-26 00:00:00
nvd
nvd
CVE-2021-23365
2021-04-26 10:15:12
github
github
Authentication Bypass in tyk-identity-broker
2021-06-23 17:23:30
cve
cve
CVE-2021-23365
2021-04-26 10:15:12
osv
osv
Authentication Bypass in tyk-identity-broker
2021-06-23 17:23:30
CVE-2021-23365
2021-04-26 10:15:12