12 matches found
CVE-2021-21239
A verification flaw was found in python-pysaml2, where it did not ensure that a signed SAML document was correctly signed. The default CryptoBackendXmlSec1 backend uses the xmlsec1 binary to verify the signature of signed SAML documents, but by default xmlsec1 accepts any type of key found within...
Ubuntu 18.04 LTS / 20.04 LTS : PySAML2 vulnerability (USN-5066-1)
The remote Ubuntu 18.04 LTS / 20.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-5066-1 advisory. Brian Wolff discovered that PySAML2 incorrectly validated cryptographic signatures. A remote attacker could possibly use this issue to alter SAML...
Debian: Security Advisory (DLA-2577-1)
The remote host is missing an update for the Debian package(s) announced via the DLA-2577-1 advisory...
Improper Verification Of Cryptographic Signature
pysaml2 improperly verifies cryptographic signatures. The default CryptoBackendXmlSec1 backend, which calls the xmlsec1 binary, incorrectly accepts any type of key found in the given document instead of explicitly allowing only X.509 certificates for verification...
PYSEC-2021-49
PySAML2 is a pure python implementation of SAML Version 2 Standard. PySAML2 before 6.5.0 has an improper verification of cryptographic signature vulnerability. Users of pysaml2 that use the default CryptoBackendXmlSec1 backend and need to verify signed SAML documents are impacted. PySAML2 does no...
CVE-2021-21239
PySAML2 is a pure python implementation of SAML Version 2 Standard. PySAML2 before 6.5.0 has an improper verification of cryptographic signature vulnerability. Users of pysaml2 that use the default CryptoBackendXmlSec1 backend and need to verify signed SAML documents are impacted. PySAML2 does no...
Design/Logic Flaw
PySAML2 is a pure python implementation of SAML Version 2 Standard. PySAML2 before 6.5.0 has an improper verification of cryptographic signature vulnerability. Users of pysaml2 that use the default CryptoBackendXmlSec1 backend and need to verify signed SAML documents are impacted. PySAML2 does no...
CVE-2021-21239 Open default xmlsec1 key-type preference
PySAML2 is a pure python implementation of SAML Version 2 Standard. PySAML2 before 6.5.0 has an improper verification of cryptographic signature vulnerability. Users of pysaml2 that use the default CryptoBackendXmlSec1 backend and need to verify signed SAML documents are impacted. PySAML2 does no...
CVE-2021-21239
CVE-2021-21239 affects PySAML2 (pre-6.5.0) and stems from improper verification of SAML signatures when using the default CryptoBackendXmlSec1 backend. The underlying xmlsec1 verification can accept arbitrary keys embedded in the document instead of restricting to trusted IdP certificates, enabli...
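The entry above describes the failure mode but not what a hardened verifier does differently. The following is an added example, not code from PySAML2 or from any of the advisories listed here. It shows two complementary controls: building the xmlsec1 verification command so that only raw X.509 certificate key data is accepted (the real xmlsec1 option `--enabled-key-data raw-x509-cert`), and a pre-check that inspects every `ds:KeyInfo` and rejects any key material that is not a trusted IdP certificate, so an attacker-supplied `ds:KeyValue` is refused before xmlsec1 ever sees it. The file paths, the "certificates" (base64 of placeholder bytes), the fingerprint set and the SAML snippets are all constructed for the example.

```python
"""
Added example (not PySAML2 code): restrict SAML signature key material to
trusted IdP certificates, the control missing in CVE-2021-21239.

Note: this pre-check does not verify the XML signature itself; xmlsec1 (or
another XML-DSig implementation) must still do that. In production parse
untrusted XML with defusedxml rather than xml.etree directly.
"""
import base64
import hashlib
import xml.etree.ElementTree as ET

DS = "http://www.w3.org/2000/09/xmldsig#"
SAML = "urn:oasis:names:tc:SAML:2.0:assertion"


def xmlsec1_verify_argv(doc_path, idp_cert_pem, hardened=True):
    """Build the xmlsec1 command line used to verify a signed SAML assertion.

    hardened=False reproduces the vulnerable default: every registered key-data
    type is enabled, so an RSAKeyValue/DSAKeyValue the attacker embedded in
    ds:KeyInfo can be used as the verification key.
    hardened=True restricts key data from the document to raw X.509 certificates;
    the verification key is the trusted IdP certificate given on the command line.
    """
    argv = [
        "xmlsec1", "--verify",
        "--pubkey-cert-pem", idp_cert_pem,      # trusted IdP certificate (constructed path)
        "--id-attr:ID", f"{SAML}:Assertion",    # resolve #ID references to the Assertion
    ]
    if hardened:
        argv += ["--enabled-key-data", "raw-x509-cert"]
    argv.append(doc_path)
    return argv


def _local(tag):
    """Local name of a namespaced ElementTree tag ('{ns}Name' -> 'Name')."""
    return tag.rsplit("}", 1)[-1]


def cert_fingerprint(b64_cert):
    """SHA-256 hex fingerprint of a base64 DER certificate from ds:X509Certificate."""
    der = base64.b64decode("".join(b64_cert.split()))
    return hashlib.sha256(der).hexdigest()


def check_key_info(xml_text, trusted_fingerprints):
    """Return (ok, reason) after inspecting every ds:Signature/ds:KeyInfo.

    ok is True only if each signature either carries no KeyInfo (the key then
    comes solely from the configured IdP certificate) or carries nothing but
    ds:X509Data/ds:X509Certificate entries whose fingerprint is trusted.
    KeyValue, KeyName, RetrievalMethod or an unknown certificate is rejected.
    """
    root = ET.fromstring(xml_text)
    signatures = list(root.iter(f"{{{DS}}}Signature"))
    if not signatures:
        return False, "document is not signed"
    for sig in signatures:
        key_info = sig.find(f"{{{DS}}}KeyInfo")
        if key_info is None:
            continue
        for child in key_info:
            if _local(child.tag) != "X509Data":
                return False, f"unexpected key data in KeyInfo: {_local(child.tag)}"
            for item in child:
                if _local(item.tag) != "X509Certificate":
                    return False, f"unexpected X509Data entry: {_local(item.tag)}"
                fp = cert_fingerprint(item.text or "")
                if fp not in trusted_fingerprints:
                    return False, f"untrusted signing certificate {fp[:16]}..."
    return True, "key material restricted to trusted IdP certificate(s)"


# Constructed stand-ins; these are not real certificates or signatures.
IDP_CERT_B64 = base64.b64encode(b"constructed-idp-certificate-der-bytes").decode()
ATTACKER_CERT_B64 = base64.b64encode(b"constructed-attacker-self-signed-cert").decode()
TRUSTED = {cert_fingerprint(IDP_CERT_B64)}


def _assertion(key_info_xml):
    """Minimal signed-looking SAML assertion wrapping the given KeyInfo body."""
    return f"""<saml:Assertion xmlns:saml="{SAML}" xmlns:ds="{DS}" ID="_a1" Version="2.0">
  <saml:Issuer>https://idp.example.test</saml:Issuer>
  <ds:Signature>
    <ds:SignedInfo><ds:Reference URI="#_a1"/></ds:SignedInfo>
    <ds:SignatureValue>AAAA</ds:SignatureValue>
    <ds:KeyInfo>{key_info_xml}</ds:KeyInfo>
  </ds:Signature>
  <saml:Subject><saml:NameID>alice</saml:NameID></saml:Subject>
</saml:Assertion>"""


GOOD_DOC = _assertion(
    f"<ds:X509Data><ds:X509Certificate>{IDP_CERT_B64}</ds:X509Certificate></ds:X509Data>")
# Attacker re-signs with their own key and embeds it as a bare KeyValue: the
# xmlsec1 default would accept it as the verification key.
FORGED_DOC = _assertion(
    "<ds:KeyValue><ds:RSAKeyValue><ds:Modulus>AQAB</ds:Modulus>"
    "<ds:Exponent>AQAB</ds:Exponent></ds:RSAKeyValue></ds:KeyValue>")
# Attacker embeds a self-signed certificate instead; fingerprint is not trusted.
UNTRUSTED_CERT_DOC = _assertion(
    f"<ds:X509Data><ds:X509Certificate>{ATTACKER_CERT_B64}</ds:X509Certificate></ds:X509Data>")

if __name__ == "__main__":
    for name, doc in (("good", GOOD_DOC), ("forged", FORGED_DOC), ("untrusted", UNTRUSTED_CERT_DOC)):
        print(name, check_key_info(doc, TRUSTED))
    print(" ".join(xmlsec1_verify_argv("response.xml", "/etc/saml/idp.pem")))
```

Run with a patched xmlsec1 pipeline, the pre-check and the `--enabled-key-data raw-x509-cert` restriction overlap deliberately: the first rejects foreign key material at the application layer with a clear reason, the second makes the verifier itself ignore such material even if the application check is bypassed.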
GHSA-5P3X-R448-PC62 Improper Verification of Cryptographic Signature in PySAML2
Impact All users of pysaml2 that use the default CryptoBackendXmlSec1 backend and need to verify signed SAML documents are impacted. pysaml2 <= 6.4.1 does not ensure that a signed SAML document is correctly signed. The default CryptoBackendXmlSec1 backend is using the xmlsec1 binary to verify the...
Improper Verification of Cryptographic Signature in PySAML2
Impact All users of pysaml2 that use the default CryptoBackendXmlSec1 backend and need to verify signed SAML documents are impacted. pysaml2 <= 6.4.1 does not ensure that a signed SAML document is correctly signed. The default CryptoBackendXmlSec1 backend is using the xmlsec1 binary to verify the...
GHSA-F4G9-H89H-JGV9 SAML XML Signature wrapping in PySAML2
Impact All users of pysaml2 that use the default CryptoBackendXmlSec1 backend and need to verify signed SAML documents are impacted. pysaml2 <= 6.4.1 does not validate the SAML document against an XML schema. This allows invalid XML documents to trick the verification process, by presenting elemen...