Information Exposure

Overview org.keycloak:keycloak-services is an open source identity and access management solution for modern applications and services. Affected versions of this package are vulnerable to Information Exposure via the SAML ECP endpoint when specially crafted SOAP requests are sent with varying...

EUVD-2019-13489

Malware in sbrugna...

Malicious code in @zalastax/nolb-_ecp (npm)

The package @zalastax/nolb-ecp was found to contain malicious code...

MAL-2025-9965 Malicious code in @zalastax/nolb-_ecp (npm)

The package @zalastax/nolb-ecp was found to contain malicious code...

Exploit for Improper Authentication in Microsoft

cve-2020-0688 Usage: usage: cve-2020-0688.py -h -s SERVER -u USER -p PASSWORD -c CMD optional arguments: -h, --help show this help message and exit -s SERVER, --server SERVER ECP Server URL Example: http://ip/owa -u USER, --user USER login account Example: domain\user -p PASSWORD, --password...

MAL-2025-767 Malicious code in @epic-ecp/types (npm)

--- -= Per source details. Do not edit below this line.=-...

Malicious code in @epic-ecp/types (npm)

--- -= Per source details. Do not edit below this line.=-...

Malicious code in ferminet-with-ecp (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 ee00c3ebd9a9dd393b6184c63072d81baa2ae968a831319453996dcf03d47999 A campaign of probably pentest packages flooding PYPI. Installing the package or importing the module triggers reporting basic info like hostname, path and the...

MAL-2024-11594 Malicious code in ferminet-with-ecp (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 ee00c3ebd9a9dd393b6184c63072d81baa2ae968a831319453996dcf03d47999 A campaign of probably pentest packages flooding PYPI. Installing the package or importing the module triggers reporting basic info like hostname, path and the...

Insufficiently Protected Credentials

SimpleSAMLphp is vulnerable to Insufficiently Protected Credentials. The vulnerability is due to credentials being insecurely saved to the user's session state when the ECP profile is disabled but supported in the Identity Provider's metadata, which could result in an attacker with administrator...

GHSA-7WH8-JRQ7-P27F SimpleSAMLphp exposes credentials in session storage

Background In order to implement support for the SAML Enhanced Client or Proxy profile, the credentials obtained for authentication were stored in the state in order to pass them to the relevant routines. This, however, led to the credentials being recorded in the user’s session, which can be...

SimpleSAMLphp exposes credentials in session storage

Background In order to implement support for the SAML Enhanced Client or Proxy profile, the credentials obtained for authentication were stored in the state in order to pass them to the relevant routines. This, however, led to the credentials being recorded in the user’s session, which can be...

PT-2024-40172 · Unknown · Simplesamlphp

Name of the Vulnerable Software and Affected Versions: SimpleSAMLphp versions 1.16.x up to 1.16.2 Description: The issue arises from the storage of credentials obtained for authentication in the state array, which can be persisted to the user's session and stored in permanent storage. This occurs...

CVE-2021-3827

A flaw was found in keycloak, where the default ECP binding flow allows other authentication flows to be bypassed. By exploiting this behavior, an attacker can bypass the MFA authentication by sending a SOAP request with an AuthnRequest and Authorization header with the user's credentials. The...

CVE-2021-3827

A flaw was found in keycloak, where the default ECP binding flow allows other authentication flows to be bypassed. By exploiting this behavior, an attacker can bypass the MFA authentication by sending a SOAP request with an AuthnRequest and Authorization header with the user's credentials. The...

CVE-2021-3827

CVE-2021-3827 concerns Keycloak where the default ECP binding flow can bypass other authentication flows, enabling an attacker to bypass MFA by sending a SOAP AuthnRequest with an Authorization header containing user credentials. Exploitation affects confidentiality and integrity as described in ...

CVE-2021-3827

A flaw was found in keycloak, where the default ECP binding flow allows other authentication flows to be bypassed. By exploiting this behavior, an attacker can bypass the MFA authentication by sending a SOAP request with an AuthnRequest and Authorization header with the user's credentials. The...

ecp-gmbh.de Cross Site Scripting vulnerability OBB-2687852

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

ECP SAML binding bypasses authentication flows

Description A flaw was found in keycloak, where the default ECP binding flow allows other authentication flows to be bypassed. By exploiting this behavior an attacker can bypass the MFA authentication by sending a SOAP request with an AuthnRequest and Authorization header with the user's...

GHSA-4PC7-VQV5-5R3V ECP SAML binding bypasses authentication flows

Description A flaw was found in keycloak, where the default ECP binding flow allows other authentication flows to be bypassed. By exploiting this behavior an attacker can bypass the MFA authentication by sending a SOAP request with an AuthnRequest and Authorization header with the user's...