Andreas Mayer

**Name of the Vulnerable Software and Affected Versions** Shibboleth OpenSAML library versions 2.4.x through 2.4.2 Shibboleth OpenSAML library versions 2.5.x through 2.5.0 Shibboleth IdP versions prior to 2.3.2 **Description** The issue allows remote attackers to forge messages and bypass authentication via an "XML Signature wrapping attack." **Recommendations** For Shibboleth OpenSAML library versions 2.4.x through 2.4.2, update to version 2.4.3 or later. For Shibboleth OpenSAML library versions 2.5.x through 2.5.0, update to version 2.5.1 or later. For Shibboleth IdP versions prior to 2.3.2, update to version 2.3.2 or later.