Lucene search
K

4 matches found

Github Security Blog
Github Security Blog
added 2022/05/13 1:2 a.m.16 views

Wizkunde SAMLBase SAML Bypass

Wizkunde SAMLBase may incorrectly utilize the results of XML DOM traversal and canonicalization APIs in such a way that an attacker may be able to manipulate the SAML data without invalidating the cryptographic signature, allowing the attack to potentially bypass authentication to SAML service...

7.5CVSS8.1AI score0.0166EPSS
Exploits1References6Affected Software1
Veracode
Veracode
added 2018/07/25 3:17 a.m.11 views

SAML Authentication Bypass

Wizkunde SAMLBase is vulnerable to authentication bypasses. This is due to the inconsistent handling of comments within XML nodes, resulting in the incorrect parsing of the inner text of XML nodes. This causes any inner text after the comment to be lost prior to signing of the SAML message. An...

7.5CVSS8.1AI score0.0166EPSS
Exploits1References5Affected Software1
NVD
NVD
added 2018/07/24 3:29 p.m.9 views

CVE-2018-5387

Wizkunde SAMLBase may incorrectly utilize the results of XML DOM traversal and canonicalization APIs in such a way that an attacker may be able to manipulate the SAML data without invalidating the cryptographic signature, allowing the attack to potentially bypass authentication to SAML service...

7.5CVSS7.6AI score0.0166EPSS
Exploits1References4
Cvelist
Cvelist
added 2018/07/24 3:0 p.m.19 views

CVE-2018-5387

Wizkunde SAMLBase may incorrectly utilize the results of XML DOM traversal and canonicalization APIs in such a way that an attacker may be able to manipulate the SAML data without invalidating the cryptographic signature, allowing the attack to potentially bypass authentication to SAML service...

7.6AI score0.0166EPSS
Exploits1References4
Rows per page
Query Builder