Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
passport-wsfed-saml2 Has SAML Authentication Bypass via Attribute Smuggling
Vulnerability Description
passport-wsfed-saml2 provides passport strategy for both WS-fed and SAML2 protocol. A vulnerability present starting in version 3.0.5 up to and including version 4.6.3 allows an attacker to impersonate any user during SAML authentication by tampering with a valid SAML response. This can be done by adding attributes to the response. Users are affected specifically when the service provider is using `passport-wsfed-saml2` and a valid SAML Response signed by the Identity Provider can be obtained. Version 4.6.4 contains a fix for the vulnerability.
CVSS Information
N/A
Vulnerability Type
认证机制不恰当
Vulnerability Title
Passport-wsfed-saml2 安全漏洞
Vulnerability Description
Passport-wsfed-saml2是Auth0开源的一个令牌身份验证提供程序。 Passport-wsfed-saml2 3.0.5版本至4.6.3版本存在安全漏洞,该漏洞源于SAML响应篡改,可能导致用户冒充。
CVSS Information
N/A
Vulnerability Type
N/A