Veracode Vulnerability Database, VERACODE:38149
Nov 22, 2022 - 5:45 a.m.

Authentication Bypass

2022-11-22 05:45:33
sca.analysiscenter.veracode.com
Tags: vulnerability, authentication, service provider, saml, github, signature bypass

EPSS: 0.006 (percentile: 78.0%)

github.com/crewjam/saml is vulnerable to authentication bypass. The vulnerability exists in multiple functions of `service_provider.go` and is triggered when processing SAML responses that contain multiple assertion elements, which allows an attacker to bypass signature validation.