11 matches found
EUVD-2024-2513
Malicious code in bioql PyPI...
GO-2024-3048 RobotsAndPencils go-saml authentication bypass vulnerability in github.com/RobotsAndPencils/go-saml
RobotsAndPencils go-saml authentication bypass vulnerability in github.com/RobotsAndPencils/go-saml...
GHSA-6H53-Q94J-348W RobotsAndPencils go-saml authentication bypass vulnerability
RobotsAndPencils go-saml, a SAML client library written in Go, contains an authentication bypass vulnerability in all known versions. This is due to how the xmlsec1 command line tool is called internally to verify the signature of SAML assertions. When xmlsec1 is used without defining the enabled...
RobotsAndPencils go-saml authentication bypass vulnerability
RobotsAndPencils go-saml, a SAML client library written in Go, contains an authentication bypass vulnerability in all known versions. This is due to how the xmlsec1 command line tool is called internally to verify the signature of SAML assertions. When xmlsec1 is used without defining the enabled...
RobotsAndPencils go-saml authentication bypass vulnerability
RobotsAndPencils go-saml, a SAML client library written in Go, contains an authentication bypass vulnerability in all known versions. This is due to how the xmlsec1 command line tool is called internally to verify the signature of SAML assertions. When xmlsec1 is used without defining the enabled...
CVE-2023-48703
RobotsAndPencils go-saml, a SAML client library written in Go, contains an authentication bypass vulnerability in all known versions. This is due to how the xmlsec1 command line tool is called internally to verify the signature of SAML assertions. When xmlsec1 is used without defining the enabled...
Authentication flaw
RobotsAndPencils go-saml, a SAML client library written in Go, contains an authentication bypass vulnerability in all known versions. This is due to how the xmlsec1 command line tool is called internally to verify the signature of SAML assertions. When xmlsec1 is used without defining the enabled...
CVE-2023-48703
CVE-2023-48703 affects the RobotsAndPencils/go-saml library. The vulnerability is an authentication bypass caused by how the xmlsec1 tool is invoked to verify SAML signatures: if the enabled key data is not restricted, an attacker can embed a forged public key in the SAML token and sign assertion...
CVE-2023-48703 SAML authentication bypass vulnerability in RobotsAndPencils/go-saml
RobotsAndPencils go-saml, a SAML client library written in Go, contains an authentication bypass vulnerability in all known versions. This is due to how the xmlsec1 command line tool is called internally to verify the signature of SAML assertions. When xmlsec1 is used without defining the enabled...
Hash Collision
github.com/robotsandpencils/go-saml is vulnerable to hash collision attacks. A remote attacker is able to cause hash collisions through the use of vulnerable SHA-1 in authnrequest.go and authnresponse.go files...
CVE-2020-36563 Weak hash (SHA-1) in github.com/RobotsAndPencils/go-saml
XML Digital Signatures generated and validated using this package use SHA-1, which may allow an attacker to craft inputs which cause hash collisions depending on their control over the input...