EUVD-2018-0156

Malware in sbrugna...

Samlify and Express-saml2 Arbitrary User Impersonation Vulnerability

Samlify is an open source Node.js API for single sign-on. express-saml2 is the predecessor of Samlify. A security vulnerability exists in Samlify 2.2.0 and earlier versions and Express-saml2. An attacker can exploit this vulnerability to impersonate any user...

Design/Logic Flaw

An XML Signature Wrapping vulnerability exists in Samlify 2.2.0 and earlier, and in predecessor Express-saml2 which could allow attackers to impersonate arbitrary users...

CVE-2017-1000452

An XML Signature Wrapping vulnerability exists in Samlify 2.2.0 and earlier, and in predecessor Express-saml2 which could allow attackers to impersonate arbitrary users...

CVE-2017-1000452

An XML Signature Wrapping vulnerability exists in Samlify 2.2.0 and earlier, and in predecessor Express-saml2 which could allow attackers to impersonate arbitrary users...

CVE-2017-1000452

CVE-2017-1000452 affects Samlify (≤2.2.0) and the predecessor Express-saml2. It describes an XML Signature Wrapping vulnerability that could allow an attacker to impersonate arbitrary users. Reported impact includes high confidentiality, integrity, and availability concerns; exploitation is descr...

CVE-2017-1000452

An XML Signature Wrapping vulnerability exists in Samlify 2.2.0 and earlier, and in predecessor Express-saml2 which could allow attackers to impersonate arbitrary users...