Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
veracodeVeracode Vulnerability DatabaseVERACODE:38462
HistoryDec 14, 2022 - 3:21 a.m.

Authentication Bypass

2022-12-1403:21:00
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
15
passport-wsfed-saml2
authentication bypass
retrievetoken function
vulnerability
ws-fed

EPSS

0.002

Percentile

57.8%

JSON

passport-wsfed-saml2 is vulnerable to authentication bypass. The vulnerability exists in the retrieveToken function of wsfederation.js due to a lack of proper validation when more than one assertion is inside a token response for WS-Fed, which allows an attacker to bypass WSFed authentication.

Related

prion 1
cve 1
cvelist 1
osv 1
nvd 1
github 1
prion
prion
Authentication flaw
2022-12-13 08:15:00
cve
cve
CVE-2022-23505
2022-12-13 08:15:09
cvelist
cvelist
CVE-2022-23505 Passport-wsfed-saml2 vulnerable to Authentication Bypass for WSFed authentication
2022-12-13 07:04:23
osv
osv
Authentication Bypass for passport-wsfed-saml2
2022-12-13 17:16:36
nvd
nvd
CVE-2022-23505
2022-12-13 08:15:09
github
github
Authentication Bypass for passport-wsfed-saml2
2022-12-13 17:16:36

EPSS

0.002

Percentile

57.8%

JSON
Related for VERACODE:38462
prion1cve1cvelist1osv1nvd1github1