Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
samlify SAML Signature Wrapping attack
Vulnerability Description
samlify is a Node.js library for SAML single sign-on. A Signature Wrapping attack has been found in samlify prior to version 2.10.0, allowing an attacker to forge a SAML Response to authenticate as any user. An attacker would need a signed XML document by the identity provider. Version 2.10.0 fixes the issue.
CVSS Information
N/A
Vulnerability Type
密码学签名的验证不恰当
Vulnerability Title
samlify 数据伪造问题漏洞
Vulnerability Description
samlify是tngan个人开发者的一个用于 SAML SSO 的 Node.js 库。 samlify 2.10.0之前版本存在数据伪造问题漏洞,该漏洞源于签名包装攻击,可能导致伪造SAML响应。
CVSS Information
N/A
Vulnerability Type
N/A