3 matches found
Apache CloudStack - SAML Signature Exclusion
The CloudStack SAML authentication disabled by default does not enforce signature check. In CloudStack environments where SAML authentication is enabled, an attacker that initiates CloudStack SAML single sign-on authentication can bypass SAML authentication by submitting a spoofed SAML response...
CVE-2024-41107 Apache CloudStack: SAML Signature Exclusion
The CloudStack SAML authentication disabled by default does not enforce signature check. In CloudStack environments where SAML authentication is enabled, an attacker that initiates CloudStack SAML single sign-on authentication can bypass SAML authentication by submitting a spoofed SAML response...
Denial Of Service (DoS)
simplesamlphp/saml2 is vulnerable to denial of service DoS attacks and spoofed SAML responses. It mishandles the conversion of return values to boolean which allows attackers to perform these attacks...