OpenAM vulnerable to user impersonation using SAMLv1.x SSO process
Impact: OpenAM up to version 14.7.2 does not properly validate the signature of SAML responses received as part of the SAMLv1.x Single Sign-On process. Attackers can use this fact to impersonate any OpenAM user, including the administrator, by sending a specially crafted SAML response to the...
PT-2022-20545 · Wire · Wire
Name of the Vulnerable Software and Affected Versions: Wire versions prior to 2022-07-12/Chart 4.19.0 Description: The issue allows an attacker to delete all SAML authenticated accounts of a targeted team, authenticate as a user of the attacked team, and create arbitrary accounts in the context o...
PT-2021-4286 · Sogo +1 · Sogo +1
Name of the Vulnerable Software and Affected Versions: SOGo versions 2.0.5a through 2.4.1; SOGo versions 3.x through 5.x before 5.1.1. Description: The issue is related to the incorrect validation of cryptographic signatures in SAML assertions, which could allow a remote attacker to impersonate use...
PT-2020-6502
Name of the Vulnerable Software and Affected Versions: IBM Data Risk Manager versions 2.0.1 through 2.0.6. Description: The issue is related to the implementation of SAML (Security Assertion Markup Language) technology in IBM Data Risk Manager, which is associated with deficiencies in the authenticati...