2 matches found
CVE-2015-5372
The CVE concerns AdNovum nevisAuth SAML 2.0 prior to 4.18.3.1. In SAML POST-Binding, the implementation does not consistently compare attributes of the X.509 certificate embedded in the assertion with the IdP certificate, enabling an attacker to inject arbitrary SAML assertions via a crafted cert...
nevisAuth Authentication Bypass Vulnerability
nevisAuth versions since 4.13.0.0 (2012-11-21) and prior to 4.18.3.1 (2015-07-02) suffer from an authentication bypass vulnerability.
Product: nevisAuth
Vendor: AdNovum
CVD ID: CVE-2015-5372
Subject: Authentication Bypass
Risk: Critical
Effect: Remotely exploitable
Authors: Antoine Neuenschwander...