Lucene search
K

216 matches found

RedhatCVE
RedhatCVE
added 2025/05/08 8:39 p.m.19 views

CVE-2025-46573

passport-wsfed-saml2 provides passport strategy for both WS-fed and SAML2 protocol. A vulnerability present starting in version 3.0.5 up to and including version 4.6.3 allows an attacker to impersonate any user during SAML authentication by tampering with a valid SAML response. This can be done b...

8.6CVSS7AI score0.00326EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/08 8:39 p.m.19 views

CVE-2025-46572

passport-wsfed-saml2 provides passport strategy for both WS-fed and SAML2 protocol. A vulnerability present starting in version 3.0.5 up to and including version 4.6.3 allows an attacker to impersonate any user during SAML authentication by crafting a SAMLResponse. This can be done by using a val...

9.3CVSS7AI score0.00369EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2025/05/06 9:18 p.m.27 views

Passport-wsfed-saml2 allows SAML Authentication Bypass via Attribute Smuggling

Overview This vulnerability allows an attacker to impersonate any user during SAML authentication by tampering with a valid SAML response. This can be done by adding attributes to the response. Am I Affected? You are affected by this SAML Attribute Smuggling vulnerability if you are using...

8.6CVSS6.9AI score0.00326EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2025/05/06 9:18 p.m.35 views

Passport-wsfed-saml2 allows SAML Authentication Bypass via Signature Wrapping

Overview This vulnerability allows an attacker to impersonate any user during SAML authentication by crafting a SAMLResponse. This can be done by using a valid SAML object that was signed by the configured IdP. Am I Affected? You are affected by this SAML Signature Wrapping vulnerability if you a...

9.3CVSS6.9AI score0.00369EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2025/05/06 9:18 p.m.7 views

GHSA-WJMP-WPHQ-JVQF Passport-wsfed-saml2 allows SAML Authentication Bypass via Signature Wrapping

Overview This vulnerability allows an attacker to impersonate any user during SAML authentication by crafting a SAMLResponse. This can be done by using a valid SAML object that was signed by the configured IdP. Am I Affected? You are affected by this SAML Signature Wrapping vulnerability if you a...

9.3CVSS6.8AI score0.00369EPSS
Exploits0References4
NVD
NVD
added 2025/05/06 9:16 p.m.57 views

CVE-2025-46572

passport-wsfed-saml2 provides passport strategy for both WS-fed and SAML2 protocol. A vulnerability present starting in version 3.0.5 up to and including version 4.6.3 allows an attacker to impersonate any user during SAML authentication by crafting a SAMLResponse. This can be done by using a val...

9.3CVSS0.00369EPSS
Exploits0References2
NVD
NVD
added 2025/05/06 9:16 p.m.72 views

CVE-2025-46573

passport-wsfed-saml2 provides passport strategy for both WS-fed and SAML2 protocol. A vulnerability present starting in version 3.0.5 up to and including version 4.6.3 allows an attacker to impersonate any user during SAML authentication by tampering with a valid SAML response. This can be done b...

8.6CVSS0.00326EPSS
Exploits0References2
OSV
OSV
added 2025/05/06 8:22 p.m.20 views

CVE-2025-46573 passport-wsfed-saml2 Has SAML Authentication Bypass via Attribute Smuggling

passport-wsfed-saml2 provides passport strategy for both WS-fed and SAML2 protocol. A vulnerability present starting in version 3.0.5 up to and including version 4.6.3 allows an attacker to impersonate any user during SAML authentication by tampering with a valid SAML response. This can be done b...

8.6CVSS6.7AI score0.00326EPSS
Exploits0References4
Cvelist
Cvelist
added 2025/05/06 8:22 p.m.66 views

CVE-2025-46573 passport-wsfed-saml2 Has SAML Authentication Bypass via Attribute Smuggling

passport-wsfed-saml2 provides passport strategy for both WS-fed and SAML2 protocol. A vulnerability present starting in version 3.0.5 up to and including version 4.6.3 allows an attacker to impersonate any user during SAML authentication by tampering with a valid SAML response. This can be done b...

8.6CVSS0.00326EPSS
Exploits0References2
CVE
CVE
added 2025/05/06 8:22 p.m.64 views

CVE-2025-46573

passport-wsfed-saml2 versions 3.0.5–4.6.3 are vulnerable to impersonation during SAML authentication by tampering with a valid SAML response (adding attributes). The vulnerability occurs when the SP uses passport-wsfed-saml2 and a valid SAML Response signed by the IdP is obtainable. Version 4.6.4...

8.6CVSS6.7AI score0.00326EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/05/06 8:18 p.m.8 views

CVE-2025-46572 passport-wsfed-saml2 Has SAML Authentication Bypass via Signature Wrapping

passport-wsfed-saml2 provides passport strategy for both WS-fed and SAML2 protocol. A vulnerability present starting in version 3.0.5 up to and including version 4.6.3 allows an attacker to impersonate any user during SAML authentication by crafting a SAMLResponse. This can be done by using a val...

9.3CVSS6.9AI score0.00369EPSS
Exploits0References2
OSV
OSV
added 2025/05/06 8:18 p.m.19 views

CVE-2025-46572 passport-wsfed-saml2 Has SAML Authentication Bypass via Signature Wrapping

passport-wsfed-saml2 provides passport strategy for both WS-fed and SAML2 protocol. A vulnerability present starting in version 3.0.5 up to and including version 4.6.3 allows an attacker to impersonate any user during SAML authentication by crafting a SAMLResponse. This can be done by using a val...

9.3CVSS6.7AI score0.00369EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2025/05/06 12:0 a.m.7 views

PT-2025-19970 · Unknown · Passport-Wsfed-Saml2

Name of the Vulnerable Software and Affected Versions: passport-wsfed-saml2 versions 3.0.5 through 4.6.3 Description: A vulnerability in passport-wsfed-saml2 allows an attacker to impersonate any user during SAML authentication by tampering with a valid SAML response. This can be done by adding...

8.6CVSS6.3AI score0.00326EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2025/05/06 12:0 a.m.4 views

PT-2025-19969 · Auth0 · Passport-Wsfed-Saml2

Name of the Vulnerable Software and Affected Versions: passport-wsfed-saml2 versions 3.0.5 through 4.6.3 Description: A vulnerability in passport-wsfed-saml2 allows an attacker to impersonate any user in the Auth0 tenant during SAML authentication by crafting a SAMLResponse. This can be done by...

9.3CVSS6.3AI score0.00369EPSS
Exploits0References9
CNNVD
CNNVD
added 2025/05/06 12:0 a.m.7 views

Passport-wsfed-saml2 安全漏洞

Passport-wsfed-saml2 is an Auth0 open source token authentication provider program. A security vulnerability exists in Passport-wsfed-saml2 versions 3.0.5 through 4.6.3, which stems from SAML response tampering and could lead to user impersonation...

8.6CVSS6.6AI score0.00326EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/03/13 10:24 p.m.11 views

CVE-2025-27773

The SimpleSAMLphp SAML2 library is a PHP library for SAML2 related functionality. Prior to versions 4.17.0 and 5.0.0-alpha.20, there is a signature confusion attack in the HTTPRedirect binding. An attacker with any signed SAMLResponse via the HTTP-Redirect binding can cause the application to...

8.6CVSS6.7AI score0.00296EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/03/11 7:4 p.m.10 views

CVE-2025-27773 SimpleSAMLphp SAML2 library has incorrect signature verification for HTTP-Redirect binding

The SimpleSAMLphp SAML2 library is a PHP library for SAML2 related functionality. Prior to versions 4.17.0 and 5.0.0-alpha.20, there is a signature confusion attack in the HTTPRedirect binding. An attacker with any signed SAMLResponse via the HTTP-Redirect binding can cause the application to...

8.6CVSS8.5AI score0.00296EPSS
Exploits0References4
Cvelist
Cvelist
added 2025/03/11 7:4 p.m.30 views

CVE-2025-27773 SimpleSAMLphp SAML2 library has incorrect signature verification for HTTP-Redirect binding

The SimpleSAMLphp SAML2 library is a PHP library for SAML2 related functionality. Prior to versions 4.17.0 and 5.0.0-alpha.20, there is a signature confusion attack in the HTTPRedirect binding. An attacker with any signed SAMLResponse via the HTTP-Redirect binding can cause the application to...

8.6CVSS0.00296EPSS
Exploits0References4
Debian CVE
Debian CVE
added 2025/03/11 7:4 p.m.73 views

CVE-2025-27773

The SimpleSAMLphp SAML2 library is a PHP library for SAML2 related functionality. Prior to versions 4.17.0 and 5.0.0-alpha.20, there is a signature confusion attack in the HTTPRedirect binding. An attacker with any signed SAMLResponse via the HTTP-Redirect binding can cause the application to...

8.6CVSS5.3AI score0.00296EPSS
Exploits0
CVE
CVE
added 2025/03/11 7:4 p.m.109 views

CVE-2025-27773

CVE-2025-27773 affects the SimpleSAMLphp SAML2 library. A signature confusion attack exists in the HTTPRedirect binding where an attacker who has any signed SAMLResponse can cause the application to accept an unsigned message. This impacts versions prior to 4.17.0 and 5.0.0-alpha.20. The issue is...

8.6CVSS6.9AI score0.00296EPSS
Exploits0References5
Rows per page
Query Builder