3 matches found
passport-wsfed-saml2 Signature Bypass vulnerability
Information Please note that this is not a new disclosure, and is previously reported in our SECURITY-NOTICE.md which we removed in favor of github advisory. Overview A vulnerability was found in the validation of a SAML signature. The validation doesn't ensure that the "Signature" tag is at the...
GHSA-5WRG-8FXP-CX9R passport-wsfed-saml2 Signature Bypass vulnerability
Information Please note that this is not a new disclosure, and is previously reported in our SECURITY-NOTICE.md which we removed in favor of github advisory. Overview A vulnerability was found in the validation of a SAML signature. The validation doesn't ensure that the "Signature" tag is at the...
PT-2023-32981 · Unknown · Passport-Wsfed-Saml2
Name of the Vulnerable Software and Affected Versions: passport-wsfed-saml2 versions prior to 3.0.10 Description: A vulnerability was found in the validation of a SAML signature, where the validation doesn't ensure that the Signature tag is at the proper location inside an Assertion tag. This lea...