3 matches found
CVE-2016-8638
Ipsilon is affected by a SAML2 multi-session vulnerability (CVE-2016-8638). Affected versions: ipsilon 2.0 before 2.0.2, 1.2 before 1.2.1, 1.1 before 1.1.2, and 1.0 before 1.0.3. The issue relates to how sessions are tracked, allowing an unauthenticated attacker to view and terminate active sessi...
CVE-2015-5217
CVE-2015-5217 affects Ipsilon 0.1.0 prior to 1.0.1. The IdP server’s providers/saml2/admin.py fails to properly enforce permission checks when updating the SAML2 SP owner, enabling remote authenticated users to trigger a denial of service by creating a duplicate SP name. Affected: Ipsilon IdP (SA...
CVE-2015-5301
CVE-2015-5301 affects Ipsilon IdP (providers/saml2/admin.py). Incorrect permission checks allow remote authenticated users to delete a SAML2 Service Provider (SP) and cause a denial of service. Affected versions are 0.1.0 before 1.0.2 and 1.1.x before 1.1.1...