opensaml2 -- unauthenticated login
OpenSAML developer reports: The Shibboleth software relies on the OpenSAML libraries to perform verification of signed XML messages such as attribute queries or SAML assertions. Both the Java and C++ versions are vulnerable to a so-called "wrapping attack" that allows a remote, unauthenticated...