367 matches found
GHSA-8GQJ-226H-GM8R Passport-wsfed-saml2 allows SAML Authentication Bypass via Attribute Smuggling
Overview This vulnerability allows an attacker to impersonate any user during SAML authentication by tampering with a valid SAML response. This can be done by adding attributes to the response. Am I Affected? You are affected by this SAML Attribute Smuggling vulnerability if you are using...
Passport-wsfed-saml2 allows SAML Authentication Bypass via Signature Wrapping
Overview This vulnerability allows an attacker to impersonate any user during SAML authentication by crafting a SAMLResponse. This can be done by using a valid SAML object that was signed by the configured IdP. Am I Affected? You are affected by this SAML Signature Wrapping vulnerability if you a...
GHSA-WJMP-WPHQ-JVQF Passport-wsfed-saml2 allows SAML Authentication Bypass via Signature Wrapping
Overview This vulnerability allows an attacker to impersonate any user during SAML authentication by crafting a SAMLResponse. This can be done by using a valid SAML object that was signed by the configured IdP. Am I Affected? You are affected by this SAML Signature Wrapping vulnerability if you a...
CVE-2025-46572
passport-wsfed-saml2 provides passport strategy for both WS-fed and SAML2 protocol. A vulnerability present starting in version 3.0.5 up to and including version 4.6.3 allows an attacker to impersonate any user during SAML authentication by crafting a SAMLResponse. This can be done by using a val...
CVE-2025-46573 passport-wsfed-saml2 Has SAML Authentication Bypass via Attribute Smuggling
passport-wsfed-saml2 provides passport strategy for both WS-fed and SAML2 protocol. A vulnerability present starting in version 3.0.5 up to and including version 4.6.3 allows an attacker to impersonate any user during SAML authentication by tampering with a valid SAML response. This can be done b...
CVE-2025-46573 passport-wsfed-saml2 Has SAML Authentication Bypass via Attribute Smuggling
passport-wsfed-saml2 provides passport strategy for both WS-fed and SAML2 protocol. A vulnerability present starting in version 3.0.5 up to and including version 4.6.3 allows an attacker to impersonate any user during SAML authentication by tampering with a valid SAML response. This can be done b...
CVE-2025-46573
passport-wsfed-saml2 versions 3.0.5–4.6.3 are vulnerable to impersonation during SAML authentication by tampering with a valid SAML response (adding attributes). The vulnerability occurs when the SP uses passport-wsfed-saml2 and a valid SAML Response signed by the IdP is obtainable. Version 4.6.4...
CVE-2025-46573 passport-wsfed-saml2 Has SAML Authentication Bypass via Attribute Smuggling
passport-wsfed-saml2 provides passport strategy for both WS-fed and SAML2 protocol. A vulnerability present starting in version 3.0.5 up to and including version 4.6.3 allows an attacker to impersonate any user during SAML authentication by tampering with a valid SAML response. This can be done b...
CVE-2025-46572
Summary of CVE-2025-46572 (passport-wsfed-saml2): A SAML-based impersonation vulnerability affects versions 3.0.5 through 4.6.3 of passport-wsfed-saml2 when the Service Provider uses this module and a valid SAML document signed by the IdP can be obtained. An attacker can craft a SAMLResponse to i...
CVE-2025-46572 passport-wsfed-saml2 Has SAML Authentication Bypass via Signature Wrapping
passport-wsfed-saml2 provides passport strategy for both WS-fed and SAML2 protocol. A vulnerability present starting in version 3.0.5 up to and including version 4.6.3 allows an attacker to impersonate any user during SAML authentication by crafting a SAMLResponse. This can be done by using a val...
CVE-2025-46572 passport-wsfed-saml2 Has SAML Authentication Bypass via Signature Wrapping
passport-wsfed-saml2 provides passport strategy for both WS-fed and SAML2 protocol. A vulnerability present starting in version 3.0.5 up to and including version 4.6.3 allows an attacker to impersonate any user during SAML authentication by crafting a SAMLResponse. This can be done by using a val...
CVE-2025-46572 passport-wsfed-saml2 Has SAML Authentication Bypass via Signature Wrapping
passport-wsfed-saml2 provides passport strategy for both WS-fed and SAML2 protocol. A vulnerability present starting in version 3.0.5 up to and including version 4.6.3 allows an attacker to impersonate any user during SAML authentication by crafting a SAMLResponse. This can be done by using a val...
PT-2025-19970 · Unknown · Passport-Wsfed-Saml2
Name of the Vulnerable Software and Affected Versions: passport-wsfed-saml2 versions 3.0.5 through 4.6.3 Description: A vulnerability in passport-wsfed-saml2 allows an attacker to impersonate any user during SAML authentication by tampering with a valid SAML response. This can be done by adding...
PT-2025-19969 · Auth0 · Passport-Wsfed-Saml2
Name of the Vulnerable Software and Affected Versions: passport-wsfed-saml2 versions 3.0.5 through 4.6.3 Description: A vulnerability in passport-wsfed-saml2 allows an attacker to impersonate any user in the Auth0 tenant during SAML authentication by crafting a SAMLResponse. This can be done by...
CVE-2025-23389
A Improper Access Control vulnerability in SUSE rancher allows a local user to impersonate other identities through SAML Authentication on first login. This issue affects rancher: from 2.8.0 before 2.8.13, from 2.9.0 before 2.9.7, from 2.10.0 before 2.10.3...
CVE-2025-23389
A Improper Access Control vulnerability in SUSE rancher allows a local user to impersonate other identities through SAML Authentication on first login. This issue affects rancher: from 2.8.0 before 2.8.13, from 2.9.0 before 2.9.7, from 2.10.0 before 2.10.3...
CVE-2025-23389
A Improper Access Control vulnerability in SUSE rancher allows a local user to impersonate other identities through SAML Authentication on first login. This issue affects rancher: from 2.8.0 before 2.8.13, from 2.9.0 before 2.9.7, from 2.10.0 before 2.10.3...
CVE-2025-23389
A Improper Access Control vulnerability in SUSE rancher allows a local user to impersonate other identities through SAML Authentication on first login. This issue affects rancher: from 2.8.0 before 2.8.13, from 2.9.0 before 2.9.7, from 2.10.0 before 2.10.3...
CVE-2025-23389
CVE-2025-23389 is an improper access control flaw in Rancher where a local user can impersonate other identities during first login via SAML. Affected Rancher releases: 2.8.0–2.8.13, 2.9.0–2.9.7, and 2.10.0–2.10.3. Impact per sources: high, with potential confidentiality and integrity impacts and...
CVE-2025-23389 Rancher does not Properly Validate Account Bindings in SAML Authentication Enables User Impersonation on First Login
A Improper Access Control vulnerability in SUSE rancher allows a local user to impersonate other identities through SAML Authentication on first login. This issue affects rancher: from 2.8.0 before 2.8.13, from 2.9.0 before 2.9.7, from 2.10.0 before 2.10.3...