71 matches found

EUVD
added 2025/10/07 12:30 a.m. · 1 views

EUVD-2019-13489

Malware in sbrugna...

8.1 CVSS · 7.9 AI score · 0.02011 EPSS
Exploits 1 · References 14

OSSF Malicious Packages
added 2025/08/14 6:52 p.m. · 2 views

Malicious code in @zalastax/nolb-_ecp (npm)

The package @zalastax/nolb-ecp was found to contain malicious code...

7 AI score
Exploits 0

OSV
added 2025/08/14 6:52 p.m. · 1 views

MAL-2025-9965 Malicious code in @zalastax/nolb-_ecp (npm)

The package @zalastax/nolb-ecp was found to contain malicious code...

7.2 AI score
Exploits 0

Gitee
added 2025/07/27 3:36 a.m. · 76 views

Exploit for Improper Authentication in Microsoft

cve-2020-0688 Usage: usage: cve-2020-0688.py -h -s SERVER -u USER -p PASSWORD -c CMD optional arguments: -h, --help show this help message and exit -s SERVER, --server SERVER ECP Server URL Example: http://ip/owa -u USER, --user USER login account Example: domain\user -p PASSWORD, --password...

9 CVSS · 9.4 AI score · 0.94389 EPSS
Exploits 30

OSSF Malicious Packages
added 2025/02/03 4:41 p.m. · 2 views

Malicious code in @epic-ecp/types (npm)

--- -= Per source details. Do not edit below this line.=-...

7 AI score
Exploits 0

OSV
added 2025/02/03 4:41 p.m. · 1 views

MAL-2025-767 Malicious code in @epic-ecp/types (npm)

--- -= Per source details. Do not edit below this line.=-...

7.1 AI score
Exploits 0

OSSF Malicious Packages
added 2024/11/06 6:46 p.m. · 4 views

Malicious code in ferminet-with-ecp (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 ee00c3ebd9a9dd393b6184c63072d81baa2ae968a831319453996dcf03d47999 A campaign of probably pentest packages flooding PYPI. Installing the package or importing the module triggers reporting basic info like hostname, path and the...

7.1 AI score
Exploits 0 · References 1

OSV
added 2024/11/06 6:46 p.m. · 1 views

MAL-2024-11594 Malicious code in ferminet-with-ecp (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 ee00c3ebd9a9dd393b6184c63072d81baa2ae968a831319453996dcf03d47999 A campaign of probably pentest packages flooding PYPI. Installing the package or importing the module triggers reporting basic info like hostname, path and the...

7 AI score
Exploits 0 · References 1

Veracode
added 2024/06/03 8:52 a.m. · 10 views

Insufficiently Protected Credentials

SimpleSAMLphp is vulnerable to Insufficiently Protected Credentials. The vulnerability is due to credentials being insecurely saved to the user's session state when the ECP profile is disabled but supported in the Identity Provider's metadata, which could result in an attacker with administrator...

7 AI score
Exploits 0

Github Security Blog
added 2024/05/28 6:28 p.m. · 15 views

SimpleSAMLphp exposes credentials in session storage

Background In order to implement support for the SAML Enhanced Client or Proxy profile, the credentials obtained for authentication were stored in the state in order to pass them to the relevant routines. This, however, led to the credentials being recorded in the user’s session, which can be...

7.3 AI score
Exploits 0 · References 4 · Affected Software 1

OSV
added 2024/05/28 6:28 p.m. · 9 views

GHSA-7WH8-JRQ7-P27F SimpleSAMLphp exposes credentials in session storage

Background In order to implement support for the SAML Enhanced Client or Proxy profile, the credentials obtained for authentication were stored in the state in order to pass them to the relevant routines. This, however, led to the credentials being recorded in the user’s session, which can be...

5.3 CVSS · 7.3 AI score
Exploits 0 · References 4

Positive Technologies
added 2024/05/28 12:0 a.m. · 2 views

PT-2024-40172 · Unknown · Simplesamlphp

Name of the Vulnerable Software and Affected Versions: SimpleSAMLphp versions 1.16.x up to 1.16.2 Description: The issue arises from the storage of credentials obtained for authentication in the state array, which can be persisted to the user's session and stored in permanent storage. This occurs...

5.3 CVSS · 6.9 AI score
Exploits 0 · References 5

NVD
added 2022/08/23 4:15 p.m. · 17 views

CVE-2021-3827

A flaw was found in keycloak, where the default ECP binding flow allows other authentication flows to be bypassed. By exploiting this behavior, an attacker can bypass the MFA authentication by sending a SOAP request with an AuthnRequest and Authorization header with the user's credentials. The...

6.8 CVSS · 0.00208 EPSS
Exploits 0 · References 4

OSV
added 2022/08/23 4:15 p.m. · 22 views

CVE-2021-3827

A flaw was found in keycloak, where the default ECP binding flow allows other authentication flows to be bypassed. By exploiting this behavior, an attacker can bypass the MFA authentication by sending a SOAP request with an AuthnRequest and Authorization header with the user's credentials. The...

6.8 CVSS · 6.7 AI score · 0.00208 EPSS
Exploits 0 · References 4

CVE
added 2022/08/23 3:52 p.m. · 2320 views

CVE-2021-3827

CVE-2021-3827 concerns Keycloak where the default ECP binding flow can bypass other authentication flows, enabling an attacker to bypass MFA by sending a SOAP AuthnRequest with an Authorization header containing user credentials. Exploitation affects confidentiality and integrity as described in ...

6.8 CVSS · 6.7 AI score · 0.00208 EPSS
Exploits 0 · References 4 · Affected Software 2

Cvelist
added 2022/08/23 3:52 p.m. · 25 views

CVE-2021-3827

A flaw was found in keycloak, where the default ECP binding flow allows other authentication flows to be bypassed. By exploiting this behavior, an attacker can bypass the MFA authentication by sending a SOAP request with an AuthnRequest and Authorization header with the user's credentials. The...

7.1 AI score · 0.00208 EPSS
Exploits 0 · References 4

Openbugbounty
added 2022/06/27 3:45 p.m. · 13 views

ecp-gmbh.de Cross Site Scripting vulnerability OBB-2687852

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

6.2 AI score
Exploits 0

OSV
added 2022/04/27 9:25 p.m. · 27 views

GHSA-4PC7-VQV5-5R3V ECP SAML binding bypasses authentication flows

Description A flaw was found in keycloak, where the default ECP binding flow allows other authentication flows to be bypassed. By exploiting this behavior an attacker can bypass the MFA authentication by sending a SOAP request with an AuthnRequest and Authorization header with the user's...

8.1 CVSS · 7.4 AI score · 0.00208 EPSS
Exploits 0 · References 6

Github Security Blog
added 2022/04/27 9:25 p.m. · 51 views

ECP SAML binding bypasses authentication flows

Description A flaw was found in keycloak, where the default ECP binding flow allows other authentication flows to be bypassed. By exploiting this behavior an attacker can bypass the MFA authentication by sending a SOAP request with an AuthnRequest and Authorization header with the user's...

6.8 CVSS · 7.6 AI score · 0.00208 EPSS
Exploits 0 · References 6 · Affected Software 1

Veracode
added 2022/02/12 12:41 a.m. · 23 views

Privilege Escalation

keycloak is vulnerable to privilege escalation. The vulnerability exists due to a flaw in the default ECP binding flow which allows other authentication flows to be bypassed...

6.8 CVSS · 4 AI score · 0.00208 EPSS
Exploits 0 · References 7 · Affected Software 1