CVE-2017-16897
Published: Dec 23, 2017
Modified: Aug 5, 2024
PUBLISHED
Description
A vulnerability has been discovered in the Auth0 passport-wsfed-saml2 library affecting versions < 3.0.5. This vulnerability allows an attacker to impersonate another user and potentially elevate their privileges if the SAML identity provider does not sign the full SAML response (e.g., only signs the assertion within the response).
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | affected n/a |
References
https://auth0.com/docs/security/bulletins/cve-2017-16897
x_refsource_CONFIRM