201 matches found
Improper Verification of Cryptographic Signature in PySAML2
PySAML2 before 5.0.0 does not check that the signature in a SAML document is enveloped and thus signature wrapping is effective, i.e., it is affected by XML Signature Wrapping XSW. The signature information and the node/object that is signed can be in different places and thus the signature...
GHSA-QF7V-8HJ3-4XW7 Improper Verification of Cryptographic Signature in PySAML2
PySAML2 before 5.0.0 does not check that the signature in a SAML document is enveloped and thus signature wrapping is effective, i.e., it is affected by XML Signature Wrapping XSW. The signature information and the node/object that is signed can be in different places and thus the signature...
Debian DLA-2119-1 : python-pysaml2 security update
It was discovered that pysaml2, a Python implementation of SAML to be used in a WSGI environment, was susceptible to XML signature wrapping attacks, which could result in a bypass of signature verification. For Debian 8 'Jessie', this problem has been fixed in version 2.0.0-1+deb8u3. We recommend...
Debian: Security Advisory (DLA-2119-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] [DLA 2119-1] python-pysaml2 security update
Package : python-pysaml2 Version : 2.0.0-1+deb8u3 CVE ID : CVE-2020-5390 Debian Bug : 949322 It was discovered that pysaml2, a Python implementation of SAML to be used in a WSGI environment, was susceptible to XML signature wrapping attacks, which could result in a bypass of signature verificatio...
DLA-2119-1 python-pysaml2 - security update
Bulletin has no description...
Debian DSA-4630-1 : python-pysaml2 - security update
It was discovered that pysaml2, a Python implementation of SAML to be used in a WSGI environment, was susceptible to XML signature wrapping attacks, which could result in a bypass of signature verification. C Tenable Network Security, Inc. The descriptive text and package checks in this plugin we...
Debian: Security Advisory (DSA-4630-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] [DSA 4630-1] python-pysaml2 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4630-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff February 21, 2020 https://www.debian.org/security/faq -...
DSA-4630-1 python-pysaml2 - security update
Bulletin has no description...
CVE-2020-5390
A verification flaw was found in python-pysaml2, where it did not check that the signature in a SAML document was enveloped, which enabled XML signature wrapping XSW attacks. A remote attacker could exploit this flaw to convince SAML processing to verify the signature and accept malicious data...
Ubuntu 16.04 LTS / 18.04 LTS : PySAML2 vulnerability (USN-4245-1)
The remote Ubuntu 16.04 LTS / 18.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-4245-1 advisory. It was discovered that PySAML2 incorrectly handled certain SAML files. An attacker could possibly use this issue to bypass signature verification with...
Ubuntu: Security Advisory (USN-4245-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
USN-4245-1: PySAML2 vulnerability
It was discovered that PySAML2 incorrectly handled certain SAML files. An attacker could possibly use this issue to bypass signature verification with arbitrary data...
USN-4245-1 python-pysaml2 vulnerability
It was discovered that PySAML2 incorrectly handled certain SAML files. An attacker could possibly use this issue to bypass signature verification with arbitrary data...
XML Signature Wrapping
pySAML2 is vulnerable to XML signature wrapping. The signature validation function checksignature does not properly validates the signature in a SAML document, allowing an attacker to bypass signature verification with arbitrary data...
CVE-2020-5390
PySAML2 before 5.0.0 does not check that the signature in a SAML document is enveloped and thus signature wrapping is effective, i.e., it is affected by XML Signature Wrapping XSW. The signature information and the node/object that is signed can be in different places and thus the signature...
DEBIAN-CVE-2020-5390
PySAML2 before 5.0.0 does not check that the signature in a SAML document is enveloped and thus signature wrapping is effective, i.e., it is affected by XML Signature Wrapping XSW. The signature information and the node/object that is signed can be in different places and thus the signature...
CVE-2020-5390
PySAML2 before 5.0.0 does not check that the signature in a SAML document is enveloped and thus signature wrapping is effective, i.e., it is affected by XML Signature Wrapping XSW. The signature information and the node/object that is signed can be in different places and thus the signature...
CVE-2020-5390
PySAML2 before 5.0.0 does not check that the signature in a SAML document is enveloped and thus signature wrapping is effective, i.e., it is affected by XML Signature Wrapping XSW. The signature information and the node/object that is signed can be in different places and thus the signature...