120 matches found
CVE-2017-11427
OneLogin PythonSAML 2.3.0 and earlier may incorrectly utilize the results of XML DOM traversal and canonicalization APIs in such a way that an attacker may be able to manipulate the SAML data without invalidating the cryptographic signature, allowing the attack to potentially bypass authenticatio...
CVE-2017-11428
CVE-2017-11428 affects OneLogin Ruby-SAML up to version 1.6.0. The issue arises from improper use of XML DOM traversal and canonicalization results, allowing manipulation of SAML data without breaking the cryptographic signature and potentially bypassing authentication to SAML service providers. ...
CVE-2017-11428
OneLogin Ruby-SAML 1.6.0 and earlier may incorrectly utilize the results of XML DOM traversal and canonicalization APIs in such a way that an attacker may be able to manipulate the SAML data without invalidating the cryptographic signature, allowing the attack to potentially bypass authentication...
CVE-2017-11427 Multiple SAML libraries may allow authentication bypass via incorrect XML canonicalization and DOM traversal
OneLogin PythonSAML 2.3.0 and earlier may incorrectly utilize the results of XML DOM traversal and canonicalization APIs in such a way that an attacker may be able to manipulate the SAML data without invalidating the cryptographic signature, allowing the attack to potentially bypass authenticatio...
CVE-2017-11427
Affected software: OneLogin PythonSAML (PythonSAML) with version 2.3.0 and earlier. Root cause: Incorrect use of XML DOM traversal and canonicalization APIs, enabling manipulation of SAML data while preserving the cryptographic signature. Impact: Potential bypass of authentication to SAML service...
PT-2019-7878 · Onelogin · Pythonsaml
Name of the Vulnerable Software and Affected Versions: OneLogin PythonSAML versions 2.3.0 and earlier Description: The issue may allow an attacker to manipulate SAML data without invalidating its cryptographic signature, potentially bypassing authentication to SAML service providers. This is due ...
Uber: Improper Access Control on Onelogin in multi-layered architecture
Path traversal in the web server powering uberinternal.com allowed an attacker to view content hosted on these subdomains, bypassing OneLogin authentication...
Uber: Configuration and/or source code files on uchat-staging.uberinternal.com can be viewed without OneLogin SSO Authentication
Summary Configuration file and/or source code information leakage without Uber OneLogin SSO authentication. Security Impact Misconfiguration on the server results in information leakage without authentication. Reproduction Steps...
Uber: It's possible to view configuration and/or source code on uchat.awscorp.uberinternal.com without
Summary Configuration file and/or source code information leakage without Uber OneLogin SSO authentication. Security Impact Misconfiguration on the server results in information leakage without authentication. Reproduction Steps...
SugarCRM php-saml Vulnerability
SugarCRM is prone to a signature validation vulnerability in php-saml. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
Fedora 26 : php-onelogin-php-saml (2017-8e4c14eeec)
Update to 2.10.5 ---- Update to 2.10.4 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. %NASLMINLEV...
OneLogin Extension for Firefox Installed
OneLogin, a password manager extension for the Firefox browser, is installed on the remote Windows host. Note that the OneLogin servers were compromised on May 31, 2017. It is strongly recommended that users change their OneLogin password and the passwords for all accounts that were stored in...
OneLogin Extension for Chrome Installed
OneLogin, a password manager extension for the Chrome browser, is installed on the remote Windows host. Note that the OneLogin servers were compromised on May 31, 2017. It is strongly recommended that users change their OneLogin password and the passwords for all accounts that were stored in...
On ShadowBrokers, WannaCry, Samba, and the OneLogin Breach
Mike Mimoso and Chris Brook discuss the news of the week, including the ShadowBrokers crowdfunding attempt, errors in WannaCry, a new Wikileaks dump, last week’s Samba vulnerability, and the OneLogin breach. Download: ThreatpostNewsWrapJune22017.mp3 Music by Chris Gonsalves...
Password manager “OneLogin” hacked; data stolen
By Waqas OneLogin, Inc., the developers of single sign-on and identity management for cloud-based applications has announced that its servers for the US region have been hacked and accessed by a third party. As a result; encrypted information related to its password management service OneLogin ha...
OneLogin: Breach Exposed Ability to Decrypt Data
OneLogin, an online service that lets users manage logins to sites and apps from a single platform, says it has suffered a security breach in which customer data was compromised, including the ability to decrypt encrypted data. Headquartered in San Francisco, OneLogin provides single sign-on and...
OneLogin Breach Compromised Customer Data, Ability to Decrypt Encrypted Data
A breach at OneLogin, a company that provides customers with a single sign on for logging into multiple sites and apps, appears to have compromised customer data, including the ability to decrypt encrypted data. The company notified customers via email Wednesday that the incident stemmed from...
OneLogin Password Manager Hacked; Users’ Data Can be Decrypted
Do you use OneLogin password manager? If yes, then immediately change all your account passwords right now. OneLogin, the cloud-based password management and identity management software company, has admitted that the company has suffered a data breach. The company announced on Thursday that it h...
Uber: SAML Authentication Bypass on uchat.uberinternal.com
Due to improper SAML verification it was possible to bypass the OneLogin authentication on https://uchat.uberinternal.com and gain unauthorized access to internal chats. We enjoyed working with @mishre on this report and look forward to receiving more submissions from them in the future!...
Fedora 25 : php-onelogin-php-saml (2017-06f4b88ceb)
Update to 2.10.5 ---- Update to 2.10.4 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. %NASLMINLEV...