QwikSec

Security Database

CVE

CWE

Training

CVE-2018-5387

Published: Jul 24, 2018

Modified: Sep 16, 2024

PUBLISHED

Description

Wizkunde SAMLBase may incorrectly utilize the results of XML DOM traversal and canonicalization APIs in such a way that an attacker may be able to manipulate the SAML data without invalidating the cryptographic signature, allowing the attack to potentially bypass authentication to SAML service providers.

Vendor	Product	Versions
Wizkunde	SAMLBase	affected `unspecified - < 1.2.7`

Weaknesses (CWE)

References

https://duo.com/blog/duo-finds-saml-vulnerabilities-affecting-multiple-implementations

x_refsource_MISC

https://www.kb.cert.org/vuls/id/475445

third-party-advisory

x_refsource_CERT-VN

https://github.com/GoGentoOSS/SAMLBase/issues/3

x_refsource_CONFIRM

https://github.com/GoGentoOSS/SAMLBase/commit/482cdf8c090e0f1179073034ebcb609ac7c3f5b3

x_refsource_CONFIRM

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.