Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Wizkunde SAMLBase may incorrectly utilize the results of XML DOM traversal and canonicalization APIs in such a way that an attacker may be able to manipulate the SAML data without invalidating the cryptographic signature, allowing the attack to potentially bypass authentication to SAML service providers.
CVSS Information
N/A
Vulnerability Type
认证机制不恰当
Vulnerability Title
Wizkunde SAMLBase 数据伪造问题漏洞
Vulnerability Description
SAMLBase是Wizkunde的一款SAML服务提供程序。它能够与其它SAML2身份程序进行通信。 Wizkunde SAMLBase中存在安全漏洞,该漏洞源于程序没有正确的使用XML DOM遍历的结果及标准化的APIs。攻击者可通过操纵SAML数据并且使密码签名保持有效利用该漏洞绕过身份验证。
CVSS Information
N/A
Vulnerability Type
N/A