2 matches found
Rocket.Chat: SAML authentication bypass
Summary: When using SAML authentication, responses are not checked properly. This allows an attacker to inject/modify any assertions in the SAML response and thus, for example, authenticate as administrator. Description: The following code snippets are from app/meteor-accounts-saml/server/samlutils.js Whe...
Unspecified Vulnerability in Red Hat PicketLink Service Provider and Identity Provider
Red Hat PicketLink is a unified identity management framework for Java applications from Red Hat, a United States company. A security vulnerability exists in the Service Provider (SP) and Identity Provider (IdP) in Red Hat PicketLink versions prior to 2.7.0, which stems from the program's...