8 matches found
CoreWCF: SamlSerializer skips SignatureValue verification when SAML signing token is not an X.509 certificate
Impact When a service is configured to validate SAML tokens using a method other than X.509 certificate signing, the final signature verification is skipped. Preconditions The service is configured to authenticate using SAML tokens and an out of band token resolver commonly the IssuerTokenResolve...
EUVD-2022-28652
Malicious code in bioql PyPI...
Service Provider SAML Signing Certificate FAQ
Q: What is SAML signing? A: SAML signing certificates are X.509 certificates used to verify data sent between the Service Provider SP and SAML provider IdP. Your SAML provider IdP uses the Citrix Cloud SAML signing certificate to verify the signature sent by Citrix Cloud within its SAML...
CVE-2022-23716
A flaw was discovered in ECE before 3.1.1 that could lead to the disclosure of the SAML signing private key used for the RBAC features, in deployment logs in the Logging and Monitoring cluster...
CVE-2022-23716
A flaw was discovered in ECE before 3.1.1 that could lead to the disclosure of the SAML signing private key used for the RBAC features, in deployment logs in the Logging and Monitoring cluster...
CVE-2022-23716
A flaw was discovered in ECE before 3.1.1 that could lead to the disclosure of the SAML signing private key used for the RBAC features, in deployment logs in the Logging and Monitoring cluster...
CVE-2022-23716
The CVE-2022-23716 entry pertains to Elastic Cloud Enterprise (ECE) before 3.1.1, where the SAML signing private key used for RBAC could be disclosed via deployment logs in the Logging and Monitoring cluster. Connected sources confirm affected product/version and the root cause (private key expos...
PT-2022-16225 · Ece · Ece
Name of the Vulnerable Software and Affected Versions: ECE versions prior to 3.1.1 Description: A flaw was discovered that could lead to the disclosure of the SAML signing private key used for the RBAC features, in deployment logs in the Logging and Monitoring cluster. Recommendations: For versio...