logo
DATABASE RESOURCES PRICING ABOUT US

Insecure Signature Validation

Description

SOGo is using insecure signature validation. It does not validate the signatures of any SAML assertions it receives. Any actor with network access to the deployment could impersonate users when SAML is the authentication method.


Affected Software


CPE Name Name Version
sogo:sid 4.3.2-1
sogo:sid 4.3.2-1
sogo:bullseye 4.3.2-1
sogo:bullseye 4.3.2-1
sogo:buster 4.0.7-1+deb10u1
sogo:buster 4.0.7-1+deb10u1
sogo:sid 4.3.2-1
sogo:sid 4.3.2-1
sogo:bullseye 4.3.2-1
sogo:bullseye 4.3.2-1
sogo:buster 4.0.7-1+deb10u1
sogo:buster 4.0.7-1+deb10u1

Related