201 matches found
CVE-2021-21238
PySAML2 is a pure Python implementation of SAML Version 2 Standard. PySAML2 before 6.5.0 has an improper verification of cryptographic signature vulnerability. All users of pysaml2 that need to validate signed SAML documents are impacted. The vulnerability is a variant of XML Signature wrapping...
CVE-2021-21238
PySAML2 (Python-based SAML 2.0 implementation) is affected by an improper verification of cryptographic signatures in versions prior to 6.5.0. The flaw is a variant of XML Signature wrapping: PySAML2 did not validate the SAML document against an XML schema, allowing an invalid XML document with a...
CVE-2021-21238 SAML XML Signature wrapping
PySAML2 is a pure Python implementation of SAML Version 2 Standard. PySAML2 before 6.5.0 has an improper verification of cryptographic signature vulnerability. All users of pysaml2 that need to validate signed SAML documents are impacted. The vulnerability is a variant of XML Signature wrapping...
CVE-2021-21239
PySAML2 is a pure Python implementation of SAML Version 2 Standard. PySAML2 before 6.5.0 has an improper verification of cryptographic signature vulnerability. Users of pysaml2 that use the default CryptoBackendXmlSec1 backend and need to verify signed SAML documents are impacted. PySAML2 does no...
CVE-2021-21239 Open default xmlsec1 key-type preference
PySAML2 is a pure Python implementation of SAML Version 2 Standard. PySAML2 before 6.5.0 has an improper verification of cryptographic signature vulnerability. Users of pysaml2 that use the default CryptoBackendXmlSec1 backend and need to verify signed SAML documents are impacted. PySAML2 does no...
CVE-2021-21239
CVE-2021-21239 affects PySAML2 (pre-6.5.0) and stems from improper verification of SAML signatures when using the default CryptoBackendXmlSec1 backend. The underlying xmlsec1 verification can accept arbitrary keys embedded in the document instead of restricting to trusted IdP certificates, enabli...
django-allauth-saml2 (>=0.1.0 <=0.2.0), django-saml2-auth (>=1.0.2 <=1.1.4) +8 more potentially affected by CVE-2021-21239 via pysaml2 (>=4.0.2 <=5.0.0)
pysaml2 PYPI version =4.0.2, =0.1.0, =1.0.2, =1.0.0, =0.16.11, =1.1.1, =12.0.2, =0.100.2, =0.6.1, =3.4.8 Source cves: CVE-2021-21239 Source advisory: OSV:GHSA-5P3X-R448-PC62...
Improper Verification of Cryptographic Signature in PySAML2
Impact: All users of pysaml2 that use the default CryptoBackendXmlSec1 backend and need to verify signed SAML documents are impacted. pysaml2 <= 6.4.1 does not ensure that a signed SAML document is correctly signed. The default CryptoBackendXmlSec1 backend is using the xmlsec1 binary to verify the...
GHSA-5P3X-R448-PC62 Improper Verification of Cryptographic Signature in PySAML2
Impact: All users of pysaml2 that use the default CryptoBackendXmlSec1 backend and need to verify signed SAML documents are impacted. pysaml2 <= 6.4.1 does not ensure that a signed SAML document is correctly signed. The default CryptoBackendXmlSec1 backend is using the xmlsec1 binary to verify the...
GHSA-F4G9-H89H-JGV9 SAML XML Signature wrapping in PySAML2
Impact: All users of pysaml2 that use the default CryptoBackendXmlSec1 backend and need to verify signed SAML documents are impacted. pysaml2 <= 6.4.1 does not validate the SAML document against an XML schema. This allows invalid XML documents to trick the verification process, by presenting elemen...
django-allauth-saml2 (>=0.1.0 <=0.2.0), django-saml2-auth (>=1.0.2 <=1.1.4) +8 more potentially affected by CVE-2021-21238 via pysaml2 (>=4.0.2 <=5.0.0)
pysaml2 PYPI version =4.0.2, =0.1.0, =1.0.2, =1.0.0, =0.16.11, =1.1.1, =12.0.2, =0.100.2, =0.6.1, =3.4.8 Source cves: CVE-2021-21238 Source advisory: OSV:GHSA-F4G9-H89H-JGV9...
SAML XML Signature wrapping in PySAML2
Impact: All users of pysaml2 that use the default CryptoBackendXmlSec1 backend and need to verify signed SAML documents are impacted. pysaml2 <= 6.4.1 does not validate the SAML document against an XML schema. This allows invalid XML documents to trick the verification process, by presenting elemen...
Idpy Pysaml2 Data Forgery Issue Vulnerability
Idpy Pysaml2 is a Python-based SAML server implementation from the Idpy community. Idpy PySAML2 before 6.5.0 suffers from a data forgery issue vulnerability that stems from a cryptographic signature validation error...
PT-2021-8018 · Pypi +2 · Pysaml2 +2
Name of the Vulnerable Software and Affected Versions: PySAML2 versions prior to 6.5.0. Description: The issue is related to an improper verification of cryptographic signatures, specifically a variant of XML Signature wrapping. This occurs because PySAML2 does not validate SAML documents against ...
pysaml2 -- multiple vulnerabilities
pysaml2 Releases: Fix processing of invalid SAML XML documents - CVE-2021-21238; Fix unspecified xmlsec1 key-type preference - CVE-2021-21239...
The vulnerability of the authentication library for exchanging identification data according to the SAML2 standard, related to incorrect verification of the cryptographic signature of the data, allows a perpetrator to bypass the signature verification and gain access to protected information.
The vulnerability of the authentication library for exchanging identification data according to the SAML2 standard, implemented with PySAML2, is related to incorrect verification of the cryptographic signature of the data. Exploiting this vulnerability could allow a malicious actor to bypass the...
SUSE-SU-2020:3897-1 Security update for ardana-cassandra, ardana-mq, ardana-osconfig, ardana-tempest, crowbar-core, crowbar-openstack, grafana, influxdb, openstack-cinder, openstack-heat, openstack-heat-gbp, openstack-heat-templates, openstack-horizon-plugin-gbp-ui, openstack-ironic-python-agent, openstack-manila, openstack-neutron, openstack-neutron-gbp, openstack-neutron-vpnaas, openstack-nova, python-Jinja2, python-pysaml2, python-pytest, python-urllib3, release-notes-suse-openstack-cloud, spark
This update for ardana-cassandra, ardana-mq, ardana-osconfig, ardana-tempest, crowbar-core, crowbar-openstack, grafana, influxdb, openstack-cinder, openstack-heat, openstack-heat-gbp, openstack-heat-templates, openstack-horizon-plugin-gbp-ui, openstack-ironic-python-agent, openstack-manila,...
django-saml2-auth (>=1.0.2 <=1.1.4), django-saml2-auth-custom (>=1.0.0 <=1.0.4) +6 more potentially affected by CVE-2020-5390 via pysaml2 (>=4.0.2 <=4.8.0)
pysaml2 PYPI version =4.0.2, =1.0.2, =1.0.0, =0.16.11, =1.1.1, =12.0.2, =0.100.2, =0.6.1, =3.4.8 Source cves: CVE-2020-5390 Source advisory: OSV:GHSA-QF7V-8HJ3-4XW7...