9 matches found
EUVD-2011-1393
Malware in sbrugna...
User Impersonation
Overview Affected versions of this package are vulnerable to User Impersonation due to improper validation of SAML response signatures which allows an attacker to inject a malicious, signed XML element as the first signature, bypassing proper verification and enabling impersonation of any SPID or...
CVE-2024-8698
CVE-2024-8698 affects Keycloak’s SAML signature validation in the XMLSignatureUtil class. The vulnerability stems from misclassifying a signature as applying to the full document versus only to specific assertions based on signature position, not the referenced element, enabling crafted SAML resp...
Authentication Bypass
passport-wsfed-saml2 is vulnerable to Authentication Bypass. The vulnerability exists because the SAML signature validation in saml.js does not ensure that the Signature tag is in the proper location inside the Assertion tag, which allows an attacker to bypass permission checks and gain access to...
PT-2023-32981 · Unknown · Passport-Wsfed-Saml2
Name of the Vulnerable Software and Affected Versions: passport-wsfed-saml2 versions prior to 3.0.10 Description: A vulnerability was found in the validation of a SAML signature, where the validation doesn't ensure that the Signature tag is at the proper location inside an Assertion tag. This lea...
SUSE CVE-2016-9814
The validateSignature method in the SAML2\Utils class in SimpleSAMLphp before 1.14.10 and simplesamlphp/saml2 library before 1.9.1, 1.10.x before 1.10.3, and 2.x before 2.3.3 allows remote attackers to spoof SAML responses or possibly cause a denial of service memory consumption by leveraging...
Updated sogo packages fix security vulnerability
Missing SAML signature validation in the SOGo groupware could result in impersonation attacks. CVE-2021-33054...
MGASA-2022-0481 Updated sogo packages fix security vulnerability
Missing SAML signature validation in the SOGo groupware could result in impersonation attacks. CVE-2021-33054...
DEBIAN-CVE-2021-33054
SOGo 2.x before 2.4.1 and 3.x through 5.x before 5.1.1 does not validate the signatures of any SAML assertions it receives. Any actor with network access to the deployment could impersonate users when SAML is the authentication method. Only versions after 2.0.5a are affected...