CVE-2021-28091

Published: 04/06/2021 Updated: 07/11/2023
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 445
Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N

Vulnerability Summary

All versions of Lasso before 2.7.0 have improper verification of a cryptographic signature.

Vulnerable Product

entrouvert lasso

debian debian linux 9.0

debian debian linux 10.0

fedoraproject fedora 33

fedoraproject fedora 34

Vendor Advisories

It was discovered that lasso, a library which implements SAML 2.0 and Liberty Alliance standards, did not properly verify that all assertions in a SAML response were properly signed, allowing an attacker to impersonate users or bypass access control. For the stable distribution (buster), this problem has been fixed in version 2.6.0-2+deb10u1. We re ...
An XML Signature Wrapping (XSW) vulnerability was found in Lasso. This flaw allows an attacker to modify a valid SAML response to include an unsigned SAML assertion, which may be used to impersonate another valid user recognized by the service using Lasso. The highest threat from this vulnerability is to data confidentiality and integrity as well a ...
On June 1, 2021, Lasso disclosed a security vulnerability in the Lasso Security Assertion Markup Language (SAML) Single Sign-On (SSO) library. This vulnerability could allow an authenticated attacker to impersonate another authorized user when interacting with an application. For a description of this vulnerability, see lasso.git NEWS. This advisor ...

Github Repositories

Homework for the lesson "Vulnerabilities and attacks on information systems" - Шатый Константин. Instructions for completing the homework: fork this repository to your own GitHub account and rename it