
Rod Widdowson

Researcher from Steading System Software LLP
#16614 of 53,633
16.2 Total CVSS
Vulnerabilities · 2
High · 2
PT-2017-14597
8.1
2017-11-16
Shibboleth · Shibboleth Service Provider · CVE-2017-16852
**Name of the Vulnerable Software and Affected Versions**
Shibboleth Service Provider versions prior to 2.6.1

**Description**
The issue arises from the Dynamic MetadataProvider plugin in Shibboleth Service Provider, which fails to properly configure itself with the MetadataFilter plugins. This failure leads to the omission of critical security checks, including signature verification and enforcement of validity periods, among other deployment-specific checks.

**Recommendations**
For versions prior to 2.6.1, update to version 2.6.1 or later to resolve the issue.
PT-2017-14598
8.1
2017-11-16
Shibboleth Consortium · Opensaml · CVE-2017-16853
**Name of the Vulnerable Software and Affected Versions**
OpenSAML versions prior to 2.6.1

**Description**
The issue arises from the DynamicMetadataProvider class in OpenSAML-C, which fails to properly configure itself with the MetadataFilter plugins. This failure leads to a lack of critical security checks, including signature verification and enforcement of validity periods. These checks are crucial for secure deployments.

**Recommendations**
For versions prior to 2.6.1, update to version 2.6.1 or later to resolve the issue.