4 matches found
CVE-2025-24894
SPID.AspNetCore.Authentication is an AspNetCore Remote Authenticator for SPID. Authentication using Spid and CIE is based on the SAML2 standard which provides two entities: Identity Provider IDP: the system that authenticates users and provides identity information SAML affirmation to the Service...
CVE-2025-24894 SAML Response Signature Verification Bypass in SPID.AspNetCore.Authentication
SPID.AspNetCore.Authentication is an AspNetCore Remote Authenticator for SPID. Authentication using Spid and CIE is based on the SAML2 standard which provides two entities: Identity Provider IDP: the system that authenticates users and provides identity information SAML affirmation to the Service...
CVE-2025-24894
CVE-2025-24894 concerns SPID.AspNetCore.Authentication (AspNetCore Remote Authenticator for SPID). The vulnerability arises from insufficient validation of SAML response signatures in VerifySignature(), which may allow an attacker to impersonate any SPID/CIE user by injecting a valid signature in...
CVE-2025-24894
creationtimestamp| type| source ---|---|--- 2025-02-17 13:25:14+00:00| published-proof-of-concept| https://github.com/italia/spid-aspnetcore/security/advisories/GHSA-36h8-r92j-w9vw 2025-02-18 19:16:16+00:00| seen| https://bsky.app/profile/cve-notifications.bsky.social/post/3lihxwsfpyg2y 2025-02-1...