2 matches found
CVE-2018-7340
Duo Network Gateway 1.2.9 and earlier may incorrectly utilize the results of XML DOM traversal and canonicalization APIs in such a way that an attacker may be able to manipulate the SAML data without invalidating the cryptographic signature, allowing the attack to potentially bypass authenticatio...
CVE-2018-7340
Duo Network Gateway (DNG) 1.2.9 and earlier is affected by CVE-2018-7340 due to incorrect handling of XML DOM traversal and canonicalization in the python-saml library, which can allow an attacker to modify SAML data without invalidating the signature and potentially bypass authentication to SAML...