2 matches found
Authorization Bypass
sustainsys.saml2 is vulnerable to authorization bypass. The vulnerability exists because it recognizes all incoming tokens as bearer tokens. A user would not require a valid Saml2 bearer token to create a login session...
Session fixation
In Saml2 Authentication Services for ASP.NET versions before 1.0.2, and between 2.0.0 and 2.6.0, there is a vulnerability in how tokens are validated in some cases. Saml2 tokens are usually used as bearer tokens - a caller that presents a token is assumed to be the subject of the token. There is...