Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
The XmlSecLibs library as used in the saml2 library in SimpleSAMLphp before 1.15.3 incorrectly verifies signatures on SAML assertions, allowing a remote attacker to construct a crafted SAML assertion on behalf of an Identity Provider that would pass as cryptographically valid, thereby allowing them to impersonate a user from that Identity Provider, aka a key confusion issue.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
SimpleSAMLphp SAML2库XmlSecLibs库安全漏洞
Vulnerability Description
SimpleSAMLphp是一套实现了SAML 2.0服务提供者和标识提供者功能的PHP身份验证应用程序。SAML2 library是其中的一个安全声明标记语言库。XmlSecLibs library是其中的一个XML安全库。 SimpleSAMLphp 1.15.3之前版本的SAML2库中使用的XmlSecLibs库存在安全漏洞,该漏洞源于程序没有正确的验证SAML断言签名。远程攻击者可通过构造特制的SAML断言利用该漏洞冒充用户。
CVSS Information
N/A
Vulnerability Type
N/A