Name of the Vulnerable Software and Affected Versions saml2-js versions prior to 2.0.5

Description The issue is related to an Authentication Bypass in the saml2-js package. It fails to enforce the assertion conditions for encrypted assertions, which may allow an attacker to reuse encrypted assertion tokens indefinitely.

Recommendations Upgrade to version 2.0.5 or later.