The Service Provider (SP) in PicketLink prior to 2.7.0 does not ensure that it is a member of an Audience element when an AudienceRestriction is specified, which allows remote malicious users to log in to other users' accounts via a crafted SAML assertion. NOTE: this identifier has been SPLIT per ADT2 due to different vulnerability types. See CVE-2015-6254 for lack of validation for the Destination attribute in a Response element in a SAML assertion.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
picketlink picketlink |