Описание
Improper Authentication in OpenSAML
Shibboleth OpenSAML library 2.4.x before 2.4.3 and 2.5.x before 2.5.1, and IdP before 2.3.2, allows remote attackers to forge messages and bypass authentication via an "XML Signature wrapping attack."
Пакеты
org.opensaml:opensaml
>= 2.4.0, < 2.4.3
2.4.3
org.opensaml:opensaml
>= 2.5.0, < 2.5.1
2.5.1
Связанные уязвимости
Shibboleth OpenSAML library 2.4.x before 2.4.3 and 2.5.x before 2.5.1, and IdP before 2.3.2, allows remote attackers to forge messages and bypass authentication via an "XML Signature wrapping attack."
Shibboleth OpenSAML library 2.4.x before 2.4.3 and 2.5.x before 2.5.1, and IdP before 2.3.2, allows remote attackers to forge messages and bypass authentication via an "XML Signature wrapping attack."
Shibboleth OpenSAML library 2.4.x before 2.4.3 and 2.5.x before 2.5.1, ...