12 matches found
EUVD-2018-0357
Malware in sbrugna...
GHSA-4VC4-M8QH-G8JM Ruby SAML allows a SAML authentication bypass due to DOCTYPE handling (parser differential)
Summary: An authentication bypass vulnerability was found in ruby-saml due to a parser differential. ReXML and Nokogiri parse XML differently; the parsers can generate entirely different document structures from the same XML input. That allows an attacker to execute a Signature Wrapping...
GHSA-G48F-PGWH-WWXX onelogin/php-saml signature wrapping attacks
Vulnerability in onelogin/php-saml versions prior to 2.10.0 allows signature wrapping attacks which may result in a malicious user gaining unauthorized access to a system...
SugarCRM php-saml Vulnerability
SugarCRM is prone to a signature validation vulnerability in php-saml.
Response Wrapping Attacks
Python3-saml is vulnerable to response wrapping attacks. These attacks are possible in environments supporting EncryptedAssertion. The signature validation didn't verify that the number of locations and signed elements matched the expected numbers...
Vulnerability to Response Wrapping attacks resulting in a malicious user gaining unauthorized access to a system.
Improve Signature validation process. Validates NameID only if strict is enabled...
DEBIAN-CVE-2015-0227
Apache WSS4J before 1.6.17 and 2.x before 2.0.2 allows remote attackers to bypass the requireSignedEncryptedDataElements configuration via vectors related to "wrapping attacks."...
CVE-2015-0227
Apache WSS4J before 1.6.17 and 2.x before 2.0.2 allows remote attackers to bypass the requireSignedEncryptedDataElements configuration via vectors related to "wrapping attacks."...
UBUNTU-CVE-2015-0227
Apache WSS4J before 1.6.17 and 2.x before 2.0.2 allows remote attackers to bypass the requireSignedEncryptedDataElements configuration via vectors related to "wrapping attacks."...
Design/Logic Flaw
Apache WSS4J before 1.6.17 and 2.x before 2.0.2 allows remote attackers to bypass the requireSignedEncryptedDataElements configuration via vectors related to "wrapping attacks."...
CVE-2015-0227
Apache WSS4J before 1.6.17 and 2.x before 2.0.2 allows remote attackers to bypass the requireSignedEncryptedDataElements configuration via vectors related to "wrapping attacks."...
CVE-2015-0227
CVE-2015-0227 affects Apache WSS4J, allowing remote bypass of requireSignedEncryptedDataElements via XML Signature wrapping attacks. The vulnerability is described as present in WSS4J releases before 1.6.17 and in 2.x releases before 2.0.2, enabling attackers to bypass security restrictions and p...