4 matches found
GHSA-9WRW-P9RM-R782 onelogin/php-saml Improper signature validation on LogoutRequest/LogoutResponse.
In order to verify Signatures on Logoutrequests and LogoutResponses we use the verifySignature of the class XMLSecurityKey from the xmlseclibs library. That method end up calling opensslverify depending on the signature algorithm used. The opensslverify function returns 1 when the signature was...
Nextcloud: Update php-saml library to 2.10.5
The php-saml library as used by our SSO implementation had a minor security patch in 2.10.4 as per https://github.com/onelogin/php-saml/commit/949359f5cad5e1d085c4e5447d9aa8f49a6e82a1. So we should update this in our next minor releases. Security update for signature validation on...
An error during signature verification can be treated as a successful verification.
Security update for signature validation on LogoutRequest/LogoutResponse. In order to verify Signatures on Logoutrequests and LogoutResponses we use the verifySignature of the class XMLSecurityKey from the xmlseclibs library. That method end up calling opensslverify depending on the signature...
An error during signature verification can be treated as a successful verification.
…nse. In order to verify Signatures on Logoutrequests and LogoutResponses we use the verifySignature of the class XMLSecurityKey from the xmlseclibs library. That method end up calling opensslverify depending on the signature algorithm used. The opensslverify function returns 1 when the signature...