CVE-2018-8085
Veracode entry VERACODE:13415 documents a SAML Signature Relocation vulnerability affecting passport-wsfed-saml2. The issue arises because the validation function does not ensure the Signature element is located correctly within an Assertion, enabling signature relocation attacks. The provided ma...