10 matches found
CVE-2021-33054
SOGo 2.x before 2.4.1 and 3.x through 5.x before 5.1.1 does not validate the signatures of any SAML assertions it receives. Any actor with network access to the deployment could impersonate users when SAML is the authentication method. Only versions after 2.0.5a are affected...
Mageia: Security Advisory (MGASA-2022-0481)
The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
MGASA-2022-0481 Updated sogo packages fix security vulnerability
Missing SAML signature validation in the SOGo groupware could result in impersonation attacks. CVE-2021-33054...
Updated sogo packages fix security vulnerability
Missing SAML signature validation in the SOGo groupware could result in impersonation attacks. CVE-2021-33054...
Debian: Security Advisory (DSA-5029-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] [DLA 2707-1] sogo security update
------------------------------------------------------------------------- Debian LTS Advisory DLA-2707-1 [email protected] https://www.debian.org/lts/security/ Anton Gladky July 12, 2021 https://wiki.debian.org/LTS -...
SOGo < 2.4.1, 3.x < 5.1.1 Multiple Vulnerabilities
SOGo is prone to multiple vulnerabilities in SAML. SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:alinto:sogo"; if description...
CVE-2021-33054
SOGo 2.x before 2.4.1 and 3.x through 5.x before 5.1.1 does not validate the signatures of any SAML assertions it receives. Any actor with network access to the deployment could impersonate users when SAML is the authentication method. Only versions after 2.0.5a are affected...
CVE-2021-33054
CVE-2021-33054 affects SOGo 2.x (before 2.4.1) and 3.x–5.x (before 5.1.1); the issue is that SOGo does not validate signatures of any SAML assertions, allowing an attacker with network access to impersonate users via SAML authentication. The root cause is the lack of SAML signature validation. Pu...
SOGo and PacketFence Impacted by SAML Implementation Vulnerabilities
Part of Akamai's incident management process for vulnerabilities in third party software involves verifying potential impact in other systems using the same or similar libraries. While following that process when addressing the SAML impersonation vulnerability, CVE-2021-28091, which impacted...