2 matches found
The vulnerability in the XMLSignatureUtil class of the Keycloak identity and access management software allows a hacker to circumvent existing security restrictions and gain increased privileges.
The vulnerability of the XMLSignatureUtil class in the software for managing identification and access control in Keycloak relates to the improper processing of signed elements of the cryptographic signature. Exploiting this vulnerability can allow a malicious actor to circumvent existing securit...
keycloak-saml-core: Improper Verification of SAML Responses Leading to Privilege Escalation in Keycloak
A flaw exists in the SAML signature validation method within the Keycloak XMLSignatureUtil class. The method incorrectly determines whether a SAML signature is for the full document or only for specific assertions based on the position of the signature in the XML document, rather than the Referen...