Lucene search
Veracode Vulnerability DatabaseVERACODE:37566HistoryOct 14, 2022 - 1:06 p.m.
Improper Verification Of Cryptographic Signature
2022-10-1413:06:52
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
5
node-saml
cryptographic signature
saml authentication
xml element
improper checks
0.003 Low
EPSS
Percentile
70.8%
Node-saml is vulnerable to improper cryptographic signature verification. A remote attacker is able to bypass SAML authentication via an arbitrary IDP signed XML element, due to improper checks for a valid top-level signature in saml.ts .
| CPE | Name | Operator | Version |
|---|---|---|---|
| @node-saml/node-saml | le | 4.0.0-beta.4 | |
| node-saml | le | 4.0.0-beta.2 | |
| @node-saml/node-saml | le | 4.0.0-beta.4 | |
| node-saml | le | 4.0.0-beta.2 |
Related
github
github
Signature bypass via multiple root elements
2022-10-12 22:05:44
nvd
nvd
CVE-2022-39300
2022-10-13 22:15:10
osv
osv
CVE-2022-39300
2022-10-13 22:15:10
Signature bypass via multiple root elements
2022-10-12 22:05:44
cve
cve
CVE-2022-39300
2022-10-13 22:15:10
cvelist
cvelist
CVE-2022-39300 Signature bypass via multiple root elements in node-SAML
2022-10-13 00:00:00
prion
prion
Authentication flaw
2022-10-13 22:15:00