Important: lasso

Issue Overview: An XML Signature Wrapping XSW vulnerability was found in Lasso. This flaw allows an attacker to modify a valid SAML response to include an unsigned SAML assertion, which may be used to impersonate another valid user recognized by the service using Lasso. The highest threat from th...

CVE-2015-1783

The prefix variable in the getordefinens function in Lasso before commit 6d854cef4211cdcdbc7446c978f23ab859847cdd allows remote attackers to cause a denial of service uninitialized memory access and application crash via unspecified vectors...