PicketLink: SP does not take Audience condition of a SAML assertion into account
A flaw was found in the way PicketLink's Service Provider and Identity Provider handled certain requests. A remote attacker could use this flaw to log to a victim's account via PicketLink...