CVE-2017-11429

Clever saml2-js 2.0 and earlier may incorrectly utilize the results of XML DOM traversal and canonicalization APIs in such a way that an attacker may be able to manipulate the SAML data without invalidating the cryptographic signature, allowing the attack to potentially bypass authentication to SAML service providers.
References
Link Resource
https://duo.com/blog/duo-finds-saml-vulnerabilities-affecting-multiple-implementations Exploit Technical Description Third Party Advisory
https://www.kb.cert.org/vuls/id/475445 Third Party Advisory US Government Resource
https://duo.com/blog/duo-finds-saml-vulnerabilities-affecting-multiple-implementations Exploit Technical Description Third Party Advisory
https://www.kb.cert.org/vuls/id/475445 Third Party Advisory US Government Resource
Configurations

Configuration 1 (hide)

cpe:2.3:a:clever:saml2-js:*:*:*:*:*:*:*:*

History

21 Nov 2024, 03:07

Type Values Removed Values Added
References () https://duo.com/blog/duo-finds-saml-vulnerabilities-affecting-multiple-implementations - Exploit, Technical Description, Third Party Advisory () https://duo.com/blog/duo-finds-saml-vulnerabilities-affecting-multiple-implementations - Exploit, Technical Description, Third Party Advisory
References () https://www.kb.cert.org/vuls/id/475445 - US Government Resource, Third Party Advisory () https://www.kb.cert.org/vuls/id/475445 - Third Party Advisory, US Government Resource
CVSS v2 : 7.5
v3 : 9.8
v2 : 7.5
v3 : 7.7

Information

Published : 2019-04-17 14:29

Updated : 2024-11-21 03:07


NVD link : CVE-2017-11429

Mitre link : CVE-2017-11429

CVE.ORG link : CVE-2017-11429


JSON object : View

Products Affected

clever

  • saml2-js
CWE
CWE-287

Improper Authentication