Char49

**Name of the Vulnerable Software and Affected Versions** TOPdesk version 12.10.12 **Description** The issue allows bad actors with credentials to authenticate with the Identity Provider to impersonate any TOPdesk user via SAML Response manipulation. This is due to XML Signature Wrapping (XSW) in the SAML-based Single Sign-on feature. **Recommendations** For TOPdesk version 12.10.12, at the moment, there is no information about a newer version that contains a fix for this vulnerability.