EUVD-2015-5328

Malware in sbrugna...

AdNovum nevisAuth SAML Certificate Matching Vulnerability

AdNovum nevisAuth is a user system authentication and access management solution. AdNovum nevisAuth fails to correctly match X.509 certificates and IdP certificates, allowing remote attackers to submit specially crafted certificates to inject arbitrary SAML assertions...

CVE-2015-5372

The SAML 2.0 implementation in AdNovum nevisAuth 4.13.0.0 before 4.18.3.1, when using SAML POST-Binding, does not match all attributes of the X.509 certificate embedded in the assertion against the certificate from the identity provider IdP, which allows remote attackers to inject arbitrary SAML...

Code injection

The SAML 2.0 implementation in AdNovum nevisAuth 4.13.0.0 before 4.18.3.1, when using SAML POST-Binding, does not match all attributes of the X.509 certificate embedded in the assertion against the certificate from the identity provider IdP, which allows remote attackers to inject arbitrary SAML...

CVE-2015-5372

The SAML 2.0 implementation in AdNovum nevisAuth 4.13.0.0 before 4.18.3.1, when using SAML POST-Binding, does not match all attributes of the X.509 certificate embedded in the assertion against the certificate from the identity provider IdP, which allows remote attackers to inject arbitrary SAML...

CVE-2015-5372

The CVE concerns AdNovum nevisAuth SAML 2.0 prior to 4.18.3.1. In SAML POST-Binding, the implementation does not consistently compare attributes of the X.509 certificate embedded in the assertion with the IdP certificate, enabling an attacker to inject arbitrary SAML assertions via a crafted cert...

nevisAuth Authentication Bypass Vulnerability

nevisAuth versions since 4.13.0.0 2012-11-21 and prior to 4.18.3.1 2015-07-02 suffer from an authentication bypass vulnerability. Product: nevisAuth 1 Vendor: AdNovum 2 CVD ID: CVE-2015-5372 Subject: Authentication Bypass Risk: Critical Effect: Remotely exploitable Authors: Antoine Neuenschwander...