exploitDog

GHSA-r683-v43c-6xqv

Published: 19 May 2025
Source: github
GitHub: Reviewed
CVSS4: 9.9

Description

samlify SAML Signature Wrapping attack

A Signature Wrapping attack has been found in samlify prior to v2.10.0, allowing an attacker to forge a SAML Response and authenticate as any user. The attacker would need an XML document signed by the identity provider.

Packages

Name: samlify
Ecosystem: npm
Affected versions: < 2.10.0
Fixed version: 2.10.0

EPSS

Percentile: 13%
0.00042
Low

9.9 Critical

CVSS4

Weaknesses

CWE-347

Related vulnerabilities

CVSS3: 7.5
nvd
9 months ago

samlify is a Node.js library for SAML single sign-on. A Signature Wrapping attack has been found in samlify prior to version 2.10.0, allowing an attacker to forge a SAML Response and authenticate as any user. The attacker would need an XML document signed by the identity provider. Version 2.10.0 fixes the issue.