PT-2021-24458 — Improper Verification of Cryptographic Signature in Goxmldsig Goxmldsig

PT-2021-24458 · Goxmldsig · Goxmldsig

Published

2021-05-24

Updated

2021-05-24

None

No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.

Name of the Vulnerable Software and Affected Versions: goxmldsig versions prior to 0.4.2

Description: An authentication bypass issue exists due to a vulnerability in the goxmldsig library used for verifying SAML assertions. This allows an attacker to craft a SAML response that appears valid but was not genuinely issued by the IDP.

Recommendations: For versions prior to 0.4.2, update to version 0.4.2 to fix the issue. As a temporary workaround, consider restricting the use of SAML assertions until the update is applied.

Improper Verification of Cryptographic Signature

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-347

Related Identifiers

GHSA-RRFW-HG9M-J47H

Affected Products

Goxmldsig

PT-2021-24458 · Goxmldsig · Goxmldsig

Weakness Enumeration

Related Identifiers

Affected Products

References · 3