Passport-wsfed-saml2 Security Vulnerabilities and Issues — Passport-wsfed-saml2 CVE List

Lucene search

Auth0Passport-wsfed-saml2

4 matches found

CVE•added 2025/05/06 9:16 p.m.•60 views

CVE-2025-46572

passport-wsfed-saml2 provides passport strategy for both WS-fed and SAML2 protocol. A vulnerability present starting in version 3.0.5 up to and including version 4.6.3 allows an attacker to impersonate any user during SAML authentication by crafting a SAMLResponse. This can be done by using a valid...

9.3CVSS6.6AI score0.00114EPSS

CVE•added 2022/12/13 8:15 a.m.•55 views

CVE-2022-23505

Passport-wsfed-saml2 is a ws-federation protocol and SAML2 tokens authentication provider for Passport. In versions prior to 4.6.3, a remote attacker may be able to bypass WSFed authentication on a website using passport-wsfed-saml2. A successful attack requires that the attacker is in possession o...

7.5CVSS6.4AI score0.00054EPSS

CVE•added 2025/05/06 9:16 p.m.•53 views

CVE-2025-46573

passport-wsfed-saml2 provides passport strategy for both WS-fed and SAML2 protocol. A vulnerability present starting in version 3.0.5 up to and including version 4.6.3 allows an attacker to impersonate any user during SAML authentication by tampering with a valid SAML response. This can be done by ...

8.6CVSS6.7AI score0.00113EPSS

CVE•added 2017/12/27 5:8 p.m.•49 views

CVE-2017-16897

A vulnerability has been discovered in the Auth0 passport-wsfed-saml2 library affecting versions

9.3CVSS7.7AI score0.00422EPSS