Computer Security
[EN] securityvulns.ru no-pyccku


Shibboleth / opensaml signature wrapping attacks
Published:26.07.2011
Source:
SecurityVulns ID:11812
Type:library
Threat Level:
6/10
Description:It's possible to spoof signed content.
Affected:OPENSAML : opensaml 2.3
CVE:CVE-2011-1411 (Shibboleth OpenSAML library 2.4.x before 2.4.3 and 2.5.x before 2.5.1, and IdP before 2.3.2, allows remote attackers to forge messages and bypass authentication via an "XML Signature wrapping attack.")
Original documentdocumentDEBIAN, [SECURITY] [DSA 2284-1] opensaml2 security update (26.07.2011)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod