4 matches found
CVE-2025-24895
CIE.AspNetCore.Authentication is an AspNetCore Remote Authenticator for CIE 3.0. Authentication using Spid and CIE is based on the SAML2 standard which provides two entities: 1. Identity Provider IDP: the system that authenticates users and provides identity information SAML affirmation to the...
CVE-2025-24895
CIE.AspNetCore.Authentication is an AspNetCore Remote Authenticator for CIE 3.0. Authentication using Spid and CIE is based on the SAML2 standard which provides two entities: 1. Identity Provider IDP: the system that authenticates users and provides identity information SAML affirmation to the...
CVE-2025-24895
CVE-2025-24895 describes a SAML signature verification bypass in the CIE.AspNetCore.Authentication SP component for SPID/CIE. The issue arises because the first signature in a SAML response is not guaranteed to refer to the root object; an attacker could inject an item signed as the first element...
CVE-2025-24895
creationtimestamp| type| source ---|---|--- 2025-02-17 13:25:42+00:00| published-proof-of-concept| https://github.com/italia/cie-aspnetcore/security/advisories/GHSA-vq63-8f72-f486 2025-02-18 19:16:19+00:00| seen| https://bsky.app/profile/cve-notifications.bsky.social/post/3lihxwvee2w2n 2025-02-18...