Lucene search
Veracode Vulnerability DatabaseVERACODE:5600HistoryDec 27, 2017 - 10:45 p.m.
Elevation Of Privileges
2017-12-2722:45:11
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
5
0.002 Low
EPSS
Percentile
60.8%
passport-wsfed-saml2 is vulnerable to elevation of privileges. When a SAML identity provider doesn’t sign the entire SAML response, attackers can change the NameIdentifier to login as a different user. The attacker needs either be able to intercept encrypted traffic and modify SAML responses on the fly or have an existing attack.
| CPE | Name | Operator | Version |
|---|---|---|---|
| passport-wsfed-saml2 | le | 3.0.4 |
Related
prion
prion
Design/Logic Flaw
2017-12-27 17:08:00
osv
osv
High severity vulnerability that affects passport-wsfed-saml2
2017-12-28 22:51:45
passport-wsfed-saml2 vulnerable to Signature Bypass in SAML2 token
2023-06-21 22:00:18
CVE-2017-16897
2017-12-27 17:08:17
cve
cve
CVE-2017-16897
2017-12-27 17:08:17
cvelist
cvelist
CVE-2017-16897
2017-12-23 21:00:00
nvd
nvd
CVE-2017-16897
2017-12-27 17:08:17
github
github
passport-wsfed-saml2 vulnerable to Signature Bypass in SAML2 token
2023-06-21 22:00:18