2 matches found
PT-2023-32981 · Unknown · Passport-Wsfed-Saml2
Name of the Vulnerable Software and Affected Versions: passport-wsfed-saml2 versions prior to 3.0.10
Description: A vulnerability was found in the validation of a SAML signature, where the validation doesn't ensure that the Signature tag is at the proper location inside an Assertion tag. This lea...
SAML Signature Relocation Attack
passport-wsfed-saml2 is vulnerable to SAML signature relocation attacks. The vulnerability exists because the validation function does not ensure that the Signature tag is in the correct location in an Assertion tag, allowing attackers to perform signature relocation attacks...