2 matches found
CVE-2017-11430 Multiple SAML libraries may allow authentication bypass via incorrect XML canonicalization and DOM traversal
OmniAuth OmnitAuth-SAML 1.9.0 and earlier may incorrectly utilize the results of XML DOM traversal and canonicalization APIs in such a way that an attacker may be able to manipulate the SAML data without invalidating the cryptographic signature, allowing the attack to potentially bypass...
CVE-2017-11430
The CVE-2017-11430 entry concerns OmniAuth OmnitAuth-SAML 1.9.0 and earlier. The root cause is incorrect handling of XML DOM traversal and canonicalization APIs, enabling an attacker to manipulate SAML data without invalidating the cryptographic signature and potentially bypass authentication to ...