Shibboleth OpenSAML library 2.4.x prior to 2.4.3 and 2.5.x prior to 2.5.1, and IdP prior to 2.3.2, allows remote malicious users to forge messages and bypass authentication via an "XML Signature wrapping attack."
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
shibboleth opensaml 2.4.0 |
||
shibboleth opensaml 2.4.1 |
||
shibboleth opensaml 2.4.2 |
||
shibboleth opensaml 2.5.0 |
||
shibboleth shibboleth-identity-provider 2.2.0 |
||
shibboleth shibboleth-identity-provider 2.1.5 |
||
shibboleth shibboleth-identity-provider 2.1.4 |
||
shibboleth shibboleth-identity-provider 2.1.3 |
||
shibboleth shibboleth-identity-provider 2.3.0 |
||
shibboleth shibboleth-identity-provider 2.2.1 |
||
shibboleth shibboleth-identity-provider 2.1.0 |
||
shibboleth shibboleth-identity-provider 2.0.0 |
||
shibboleth shibboleth-identity-provider |
||
shibboleth shibboleth-identity-provider 2.1.2 |
||
shibboleth shibboleth-identity-provider 2.1.1 |