4 matches found

Tenable Nessus
added 2025/09/02 12:0 a.m., 2 views

Linux Distros Unpatched Vulnerability : CVE-2022-41912

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - The crewjam/saml Go library prior to version 0.4.9 is vulnerable to an authentication bypass when processing SAML responses containing multiple Assertion...

CVSS 9.8, AI score 7.3, EPSS 0.00303
Exploits: 0, References: 2
OSV
added 2022/11/28 3:15 p.m., 0 views

UBUNTU-CVE-2022-41912

The crewjam/saml Go library prior to version 0.4.9 is vulnerable to an authentication bypass when processing SAML responses containing multiple Assertion elements. This issue has been corrected in version 0.4.9. There are no workarounds other than upgrading to a fixed version...

CVSS 9.8, AI score 6.8, EPSS 0.00303
Exploits: 0, References: 4
Veracode
added 2018/07/18 6:12 a.m., 20 views

Authentication Bypass

SimpleSAMLphp is vulnerable to authentication bypasses. A malicious user can pass an unsigned SAML response with multiple assertions to the application. As long as one of the assertions is valid, the application will consider the SAML response valid and grant access to the malicious user...

CVSS 8.1, AI score 8.6, EPSS 0.00308
Exploits: 0, References: 5, Affected Software: 1
OSV
added 2018/02/02 3:29 p.m., 0 views

UBUNTU-CVE-2017-18122

A signature-validation bypass issue was discovered in SimpleSAMLphp through 1.14.16. A SimpleSAMLphp Service Provider using SAML 1.1 will regard as valid any unsigned SAML response containing more than one signed assertion, provided that the signature of at least one of the assertions is valid...

CVSS 8.1, AI score 7.3, EPSS 0.00308
Exploits: 0, References: 4