4 matches found
CVE-2022-23610
wire-server provides back end services for Wire, an open source messenger. In versions of wire-server prior to the 2022-01-27 release, it was possible to craft DSA Signatures to bypass SAML SSO and impersonate any Wire user with SAML credentials. In teams with SAML, but without SCIM, it was...
CVE-2022-23610
CVE-2022-23610 affects wire-server before 2022-01-27, where an upstream library used for parsing/validating SAML XML could accept attacker-provided public keys as trusted in signatures. This enabled an attacker to bypass SAML SSO and impersonate any Wire user with SAML credentials, including crea...
CVE-2022-23610 Improper Verification of Cryptographic Signature in wire-server
wire-server provides back end services for Wire, an open source messenger. In versions of wire-server prior to the 2022-01-27 release, it was possible to craft DSA Signatures to bypass SAML SSO and impersonate any Wire user with SAML credentials. In teams with SAML, but without SCIM, it was...
CVE-2022-23610 Improper Verification of Cryptographic Signature in wire-server
wire-server provides back end services for Wire, an open source messenger. In versions of wire-server prior to the 2022-01-27 release, it was possible to craft DSA Signatures to bypass SAML SSO and impersonate any Wire user with SAML credentials. In teams with SAML, but without SCIM, it was...