4 matches found
CVE-2026-54774 CoreWCF: SamlSerializer skips SignatureValue verification when SAML signing token is not an X.509 certificate
CoreWCF is a port of the service side of Windows Communication Foundation WCF to .NET Core. Prior to 1.8.1 and 1.9.1, SamlSerializer skips final SignatureValue verification when a CoreWCF service validates SAML tokens using a non-X.509 signing token, allowing an attacker to reference a non-X.509...
CoreWCF: SamlSerializer skips SignatureValue verification when SAML signing token is not an X.509 certificate
Impact When a service is configured to validate SAML tokens using a method other than X.509 certificate signing, the final signature verification is skipped. Preconditions The service is configured to authenticate using SAML tokens and an out of band token resolver commonly the IssuerTokenResolve...
CVE-2026-49454
Relyra (Elixir/Phoenix SAML SP) versions 1.0.0 and 1.1.0 are affected by an authentication bypass due to forged SignatureValue not being cryptographically verified in SAML 2.0 processing. The XMLDSig trust boundary was incomplete: :public_key.verify over the exclusive-C14N SignedInfo was not chec...
Improper Verification of Cryptographic Signature
Overview Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature due to the improper verification of SignatureValue within SignerInfo. An attacker can manipulate the integrity of signed data by crafting a malicious signature that bypasses validation...