CVE-2017-11428

OneLogin Ruby-SAML 1.6.0 and earlier may incorrectly utilize the results of XML DOM traversal and canonicalization APIs in such a way that an attacker may be able to manipulate the SAML data without invalidating the cryptographic signature, allowing the attack to potentially bypass authentication to SAML service providers.
References
Link Resource
https://www.kb.cert.org/vuls/id/475445 US Government Resource Third Party Advisory
https://duo.com/blog/duo-finds-saml-vulnerabilities-affecting-multiple-implementations Exploit Technical Description Third Party Advisory
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

cpe:2.3:a:onelogin:ruby-saml:*:*:*:*:*:*:*:*

Information

Published : 2019-04-17 07:29

Updated : 2019-10-09 16:22


NVD link : CVE-2017-11428

Mitre link : CVE-2017-11428


JSON object : View

CWE
CWE-287

Improper Authentication

Advertisement

dedicated server usa

Products Affected

onelogin

  • ruby-saml