Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
passport-wsfed-saml2 Has SAML Authentication Bypass via Signature Wrapping
Vulnerability Description
passport-wsfed-saml2 provides passport strategy for both WS-fed and SAML2 protocol. A vulnerability present starting in version 3.0.5 up to and including version 4.6.3 allows an attacker to impersonate any user during SAML authentication by crafting a SAMLResponse. This can be done by using a valid SAML object that was signed by the configured IdP. Users are affected specifically when the service provider is using passport-wsfed-saml2 and a valid SAML document signed by the Identity Provider can be obtained. Version 4.6.4 contains a fix for the vulnerability.
CVSS Information
N/A
Vulnerability Type
认证机制不恰当
Vulnerability Title
Passport-wsfed-saml2 安全漏洞
Vulnerability Description
Passport-wsfed-saml2是Auth0开源的一个令牌身份验证提供程序。 Passport-wsfed-saml2 3.0.5版本至4.6.3版本存在安全漏洞,该漏洞源于SAML身份验证缺陷,可能导致用户冒充。
CVSS Information
N/A
Vulnerability Type
N/A