Shibboleth / opensaml signature wrapping attacks
news
/
advisories
/
forum
/
software
/
advertising
/
search
/
exploits
[EN]
securityvulns.ru
no-pyccku
Shibboleth / opensaml signature wrapping attacks
Published:
26.07.2011
Source:
BUGTRAQ
SecurityVulns ID:
11812
Type:
library
Level:
6
/10
Description:
It's possible to spoof signed content.
Affected:
OPENSAML
:
opensaml 2.3
CVE:
CVE-2011-1411
(Shibboleth OpenSAML library 2.4.x before 2.4.3 and 2.5.x before 2.5.1, and IdP before 2.3.2, allows remote attackers to forge messages and bypass authentication via an "XML Signature wrapping attack.")
Original document
DEBIAN
,
[SECURITY] [DSA 2284-1] opensaml2 security update
(
26.07.2011
)
Discuss:
Read or add your comments to this news (0 comments)
About
|
Terms of use
|
Privacy Policy
©
SecurityVulns
,
3APA3A
, Vladimir Dubrovin
Nizhny Novgorod
Enter your search terms
Web
securityvulns.com
Submit search form
