Lucene search
K

120 matches found

OSV
OSV
added 2019/04/17 2:29 p.m.24 views

CVE-2017-11427

OneLogin PythonSAML 2.3.0 and earlier may incorrectly utilize the results of XML DOM traversal and canonicalization APIs in such a way that an attacker may be able to manipulate the SAML data without invalidating the cryptographic signature, allowing the attack to potentially bypass authenticatio...

9.8CVSS9.5AI score
Exploits0References2
CVE
CVE
added 2019/04/17 1:59 p.m.88 views

CVE-2017-11428

CVE-2017-11428 affects OneLogin Ruby-SAML up to version 1.6.0. The issue arises from improper use of XML DOM traversal and canonicalization results, allowing manipulation of SAML data without breaking the cryptographic signature and potentially bypassing authentication to SAML service providers. ...

9.8CVSS8.7AI score0.02512EPSS
Exploits1References2Affected Software1
Debian CVE
Debian CVE
added 2019/04/17 1:59 p.m.20 views

CVE-2017-11428

OneLogin Ruby-SAML 1.6.0 and earlier may incorrectly utilize the results of XML DOM traversal and canonicalization APIs in such a way that an attacker may be able to manipulate the SAML data without invalidating the cryptographic signature, allowing the attack to potentially bypass authentication...

9.8CVSS8.7AI score0.02512EPSS
Exploits1
Cvelist
Cvelist
added 2019/04/17 1:59 p.m.45 views

CVE-2017-11427 Multiple SAML libraries may allow authentication bypass via incorrect XML canonicalization and DOM traversal

OneLogin PythonSAML 2.3.0 and earlier may incorrectly utilize the results of XML DOM traversal and canonicalization APIs in such a way that an attacker may be able to manipulate the SAML data without invalidating the cryptographic signature, allowing the attack to potentially bypass authenticatio...

7.7CVSS8.7AI score0.04636EPSS
Exploits1References2
CVE
CVE
added 2019/04/17 1:59 p.m.93 views

CVE-2017-11427

Affected software: OneLogin PythonSAML (PythonSAML) with version 2.3.0 and earlier. Root cause: Incorrect use of XML DOM traversal and canonicalization APIs, enabling manipulation of SAML data while preserving the cryptographic signature. Impact: Potential bypass of authentication to SAML service...

9.8CVSS8.6AI score0.04636EPSS
Exploits1References2Affected Software1
Positive Technologies
Positive Technologies
added 2019/04/17 12:0 a.m.4 views

PT-2019-7878 · Onelogin · Pythonsaml

Name of the Vulnerable Software and Affected Versions: OneLogin PythonSAML versions 2.3.0 and earlier Description: The issue may allow an attacker to manipulate SAML data without invalidating its cryptographic signature, potentially bypassing authentication to SAML service providers. This is due ...

9.8CVSS7.1AI score0.04636EPSS
Exploits1References18
Hacker One
Hacker One
added 2018/03/15 5:52 a.m.20 views

Uber: Improper Access Control on Onelogin in multi-layered architecture

Path traversal in the web server powering uberinternal.com allowed an attacker to view content hosted on these subdomains, bypassing OneLogin authentication...

4.2AI score
Exploits0
Hacker One
Hacker One
added 2017/12/17 10:29 p.m.47 views

Uber: Configuration and/or source code files on uchat-staging.uberinternal.com can be viewed without OneLogin SSO Authentication

Summary Configuration file and/or source code information leakage without Uber OneLogin SSO authentication. Security Impact Misconfiguration on the server results in information leakage without authentication. Reproduction Steps...

5CVSS6.3AI score0.02856EPSS
Exploits1
Hacker One
Hacker One
added 2017/12/17 12:36 a.m.36 views

Uber: It's possible to view configuration and/or source code on uchat.awscorp.uberinternal.com without

Summary Configuration file and/or source code information leakage without Uber OneLogin SSO authentication. Security Impact Misconfiguration on the server results in information leakage without authentication. Reproduction Steps...

5CVSS6.3AI score0.02856EPSS
Exploits1
OpenVAS
OpenVAS
added 2017/09/26 12:0 a.m.110 views

SugarCRM php-saml Vulnerability

SugarCRM is prone to a signature validation vulnerability in php-saml. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

6.6AI score0.00262EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2017/07/17 12:0 a.m.17 views

Fedora 26 : php-onelogin-php-saml (2017-8e4c14eeec)

Update to 2.10.5 ---- Update to 2.10.4 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. %NASLMINLEV...

5.5AI score
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2017/06/21 12:0 a.m.34 views

OneLogin Extension for Firefox Installed

OneLogin, a password manager extension for the Firefox browser, is installed on the remote Windows host. Note that the OneLogin servers were compromised on May 31, 2017. It is strongly recommended that users change their OneLogin password and the passwords for all accounts that were stored in...

7.1AI score
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2017/06/21 12:0 a.m.89 views

OneLogin Extension for Chrome Installed

OneLogin, a password manager extension for the Chrome browser, is installed on the remote Windows host. Note that the OneLogin servers were compromised on May 31, 2017. It is strongly recommended that users change their OneLogin password and the passwords for all accounts that were stored in...

7AI score
Exploits0References3
ThreatPost
ThreatPost
added 2017/06/02 10:30 a.m.11 views

On ShadowBrokers, WannaCry, Samba, and the OneLogin Breach

Mike Mimoso and Chris Brook discuss the news of the week, including the ShadowBrokers crowdfunding attempt, errors in WannaCry, a new Wikileaks dump, last week’s Samba vulnerability, and the OneLogin breach. Download: ThreatpostNewsWrapJune22017.mp3 Music by Chris Gonsalves...

3.3AI score
Exploits0References3
HackRead
HackRead
added 2017/06/01 4:18 p.m.17 views

Password manager “OneLogin” hacked; data stolen

By Waqas OneLogin, Inc., the developers of single sign-on and identity management for cloud-based applications has announced that its servers for the US region have been hacked and accessed by a third party. As a result; encrypted information related to its password management service OneLogin ha...

6.8AI score
Exploits0
Krebs on Security
Krebs on Security
added 2017/06/01 12:55 p.m.30 views

OneLogin: Breach Exposed Ability to Decrypt Data

OneLogin, an online service that lets users manage logins to sites and apps from a single platform, says it has suffered a security breach in which customer data was compromised, including the ability to decrypt encrypted data. Headquartered in San Francisco, OneLogin provides single sign-on and...

6.8AI score
Exploits0
ThreatPost
ThreatPost
added 2017/06/01 12:29 p.m.15 views

OneLogin Breach Compromised Customer Data, Ability to Decrypt Encrypted Data

A breach at OneLogin, a company that provides customers with a single sign on for logging into multiple sites and apps, appears to have compromised customer data, including the ability to decrypt encrypted data. The company notified customers via email Wednesday that the incident stemmed from...

1AI score
Exploits0References2
The Hacker News
The Hacker News
added 2017/06/01 8:57 a.m.20 views

OneLogin Password Manager Hacked; Users’ Data Can be Decrypted

Do you use OneLogin password manager? If yes, then immediately change all your account passwords right now. OneLogin, the cloud-based password management and identity management software company, has admitted that the company has suffered a data breach. The company announced on Thursday that it h...

6.5AI score
Exploits0
Hacker One
Hacker One
added 2017/04/22 9:13 a.m.65 views

Uber: SAML Authentication Bypass on uchat.uberinternal.com

Due to improper SAML verification it was possible to bypass the OneLogin authentication on https://uchat.uberinternal.com and gain unauthorized access to internal chats. We enjoyed working with @mishre on this report and look forward to receiving more submissions from them in the future!...

0.5AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2017/04/20 12:0 a.m.27 views

Fedora 25 : php-onelogin-php-saml (2017-06f4b88ceb)

Update to 2.10.5 ---- Update to 2.10.4 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. %NASLMINLEV...

5.5AI score
Exploits0References1
Rows per page
Query Builder