Passport-wsfed-saml2 allows SAML Authentication Bypass via Attribute Smuggling

Overview This vulnerability allows an attacker to impersonate any user during SAML authentication by tampering with a valid SAML response. This can be done by adding attributes to the response. Am I Affected? You are affected by this SAML Attribute Smuggling vulnerability if you are using...

GHSA-8GQJ-226H-GM8R Passport-wsfed-saml2 allows SAML Authentication Bypass via Attribute Smuggling

Overview This vulnerability allows an attacker to impersonate any user during SAML authentication by tampering with a valid SAML response. This can be done by adding attributes to the response. Am I Affected? You are affected by this SAML Attribute Smuggling vulnerability if you are using...

CVE-2025-46573 passport-wsfed-saml2 Has SAML Authentication Bypass via Attribute Smuggling

passport-wsfed-saml2 provides passport strategy for both WS-fed and SAML2 protocol. A vulnerability present starting in version 3.0.5 up to and including version 4.6.3 allows an attacker to impersonate any user during SAML authentication by tampering with a valid SAML response. This can be done b...