SAML Authentication Bypass Vulnerability in the wizkunde/samlbase library

 

 

SAML Authentication Bypass Vulnerability in the wizkunde/samlbase library - CVE-2018-5387

Overview

Wizkunde SAMLBase is vulnerable to authentication bypasse. due to mishandling of XML nodes, which causes invalid parsing of inner text of XML nodes causing loss of inner text after the comment before signing of the SAML message, giving the attacker the ability to manipulate the SAML data without breaking the cryptographic signature bypassing authentication to SAML service providers

Resources

Ready to be protected?

14 days trial , No credit card upfront , Risk free