Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
OpenSAML 2.x before 2.2.1 and XMLTooling 1.x before 1.2.1, as used by Internet2 Shibboleth Service Provider 2.x before 2.2.1, do not follow the KeyDescriptor element's Use attribute, which allows remote attackers to use a certificate for both signing and encryption when it is designated for just one purpose, potentially weakening the intended security application of the certificate.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Internet2 OpenSAML 'use' Key证书验证安全绕过漏洞
Vulnerability Description
OpenSAML 2.2.1版本之前的2.x版本以及 XMLTooling 1.2.1之前的1.x版本,当在Internet2 Shibboleth Service Provider 2.2.1版本之前的2.x版本中运行时,没有遵循KeyDescriptor元件的使用属性,这会允许远程攻击者使用一个证书用于标记和编码,这会对预设的证书安全应用程序造成潜在性的破坏。
CVSS Information
N/A
Vulnerability Type
N/A