PT-2019-7724 · Onelogin · Onelogin-Saml-Sso

Publicado

2019-08-22

Atualizado

2019-08-29

CVE-2016-10928

CVSS v3.1

7.5

Alta

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions onelogin-saml-sso plugin versions prior to 2.2.0

Description The issue concerns a hardcoded password @@@nopass@@@ used for just-in-time provisioned users.

Recommendations For versions prior to 2.2.0, update to version 2.2.0 or later to resolve the issue.

Correção

Using Hardcoded Credentials

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

CVE-2016-10928

Onelogin-Saml-Sso