308 matches found
CXF: Improper security semantics enforcement of SAML SubjectConfirmation methods
It was found that Apache WSS4J Web Services Security for Java, as used by Apache CXF with the TransportBinding, did not, by default, properly enforce all security requirements associated with SAML SubjectConfirmation methods. A remote attacker could use this flaw to perform various types of...
Unspecified Vulnerability in Oracle OpenSSO SAML Subpart (CNVD-2015-00552)
OpenSSO project is an open source implementation of SSO Single Sign-On for Web applications deployed on different Web or different servers to provide centralized authentication capabilities . Oracle OpenSSO SAML subcomponent has a security vulnerability that allows remote attackers to exploit the...
CXF: The SecurityTokenService accepts certain invalid SAML Tokens as valid
It was found that the SecurityTokenService STS, provided as a part of Apache CXF, could under certain circumstances accept invalid SAML tokens as valid. A remote attacker could use a specially crafted SAML token to gain access to an application that uses STS for validation of SAML tokens...
CXF: The SecurityTokenService accepts certain invalid SAML Tokens as valid
It was found that the SecurityTokenService STS, provided as a part of Apache CXF, could under certain circumstances accept invalid SAML tokens as valid. A remote attacker could use a specially crafted SAML token to gain access to an application that uses STS for validation of SAML tokens...
Fedora Update for opensaml FEDORA-2011-12815
Check for the Version of opensaml OpenVAS Vulnerability Test Fedora Update for opensaml FEDORA-2011-12815 Authors: System Generated Check Copyright: Copyright c 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the...
[SECURITY] Fedora 16 Update: opensaml-2.3-6.fc16
OpenSAML is an open source implementation of the OASIS Security Assertion Markup Language Specification. It contains a set of open source C++ classes that support the SAML 1.0, 1.1, and 2.0 specifications...
Fedora Update for opensaml FEDORA-2011-12890
Check for the Version of opensaml OpenVAS Vulnerability Test Fedora Update for opensaml FEDORA-2011-12890 Authors: System Generated Check Copyright: Copyright c 2011 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the...
Google SAML Single Sign on vulnerability
Overview The SAML Single Sign-On SSO Service for Google Apps contained a vulnerability that could have allowed an attacker to gain access to a user's Google account. Description The Security Assertion Markup Language SAML is a standard for transmitting authentication data between two or more...