samlr is vulnerable to authentication bypass attacks. This is due to inconsistent validation of signed assertions which allows an attacker to manipulate SAML data without invalidating the cryptographic signature and bypass authentication to SAML service providers.