Name of the Vulnerable Software and Affected Versions passport-wsfed-saml2 versions prior to 3.0.10

Description A vulnerability was found in the validation of a SAML signature, where the validation doesn't ensure that the Signature tag is at the proper location inside an Assertion tag. This leads to a signature relocation attack, allowing an authenticated attacker to corrupt one field of data while maintaining the signature valid. The attacker could remove one group from the assertion or corrupt another field of an assertion.

Recommendations For versions prior to 3.0.10, upgrade the passport-wsfed-saml2 library to version 3.0.10 or above.