PT-2021-15465 · Tyk · Tyk-Identity-Broker

Sredny M · Published 2021-04-26 · Updated 2024-08-21 · CVE-2021-23365

CVSS v3.1: 9.1 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Name of the Vulnerable Software and Affected Versions: tyk-identity-broker versions prior to 1.1.1
Description: Authentication bypass of SAML authentication caused by the Go XML parser. The parser does not guarantee round-trip integrity of XML data: the document can change between decoding and encoding, so a SAML authentication check can be bypassed.
Recommendations: For versions prior to 1.1.1, update to version 1.1.1 or later. As a temporary workaround, restrict the use of SAML authentication until the update is applied.

Weakness Enumeration

Improper Authentication

Related Identifiers

CVE-2021-23365
GHSA-599H-8WPJ-75XJ
GO-2022-0906
SNYK-GOLANG-GITHUBCOMTYKTECHNOLOGIESTYKIDENTITYBROKER-1089720

Affected Products

Tyk-Identity-Broker