Lucene search
K

4 matches found

NVD
NVD
added 2025/02/18 7:15 p.m.57 views

CVE-2025-24894

SPID.AspNetCore.Authentication is an AspNetCore Remote Authenticator for SPID. Authentication using Spid and CIE is based on the SAML2 standard which provides two entities: Identity Provider IDP: the system that authenticates users and provides identity information SAML affirmation to the Service...

9.1CVSS0.0056EPSS
Exploits0References1
OSV
OSV
added 2025/02/18 6:39 p.m.5 views

CVE-2025-24894 SAML Response Signature Verification Bypass in SPID.AspNetCore.Authentication

SPID.AspNetCore.Authentication is an AspNetCore Remote Authenticator for SPID. Authentication using Spid and CIE is based on the SAML2 standard which provides two entities: Identity Provider IDP: the system that authenticates users and provides identity information SAML affirmation to the Service...

9.1CVSS6.8AI score0.0056EPSS
Exploits0References3
CVE
CVE
added 2025/02/18 6:39 p.m.181 views

CVE-2025-24894

CVE-2025-24894 concerns SPID.AspNetCore.Authentication (AspNetCore Remote Authenticator for SPID). The vulnerability arises from insufficient validation of SAML response signatures in VerifySignature(), which may allow an attacker to impersonate any SPID/CIE user by injecting a valid signature in...

9.1CVSS7.1AI score0.0056EPSS
Exploits0References1
Circl
Circl
added 2025/02/17 1:25 p.m.27 views

CVE-2025-24894

creationtimestamp| type| source ---|---|--- 2025-02-17 13:25:14+00:00| published-proof-of-concept| https://github.com/italia/spid-aspnetcore/security/advisories/GHSA-36h8-r92j-w9vw 2025-02-18 19:16:16+00:00| seen| https://bsky.app/profile/cve-notifications.bsky.social/post/3lihxwsfpyg2y 2025-02-1...

9.1CVSS5.7AI score0.0056EPSS
Exploits0References6
Rows per page
Query Builder