Wizkunde SAMLBase may incorrectly utilize the results of XML DOM traversal and canonicalization APIs in such a way that an attacker may be able to manipulate the SAML data without invalidating the cryptographic signature, allowing the attack to potentially bypass authentication to SAML service providers.
References
Link | Resource |
---|---|
https://duo.com/blog/duo-finds-saml-vulnerabilities-affecting-multiple-implementations | Exploit Third Party Advisory |
https://github.com/GoGentoOSS/SAMLBase/commit/482cdf8c090e0f1179073034ebcb609ac7c3f5b3 | Patch Third Party Advisory |
https://github.com/GoGentoOSS/SAMLBase/issues/3 | Issue Tracking Patch Third Party Advisory |
https://www.kb.cert.org/vuls/id/475445 | Third Party Advisory US Government Resource |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: certcc
Published: 2018-02-27T00:00:00
Updated: 2022-03-31T14:15:14
Reserved: 2018-01-12T00:00:00
Link: CVE-2018-5387
JSON object: View
NVD Information
Status : Analyzed
Published: 2018-07-24T15:29:01.187
Modified: 2022-06-01T20:24:12.053
Link: CVE-2018-5387
JSON object: View
Redhat Information
No data.