PT-2025-31149 · Node-Saml

Published: 2025-07-28 · Updated: 2025-07-29 · CVE-2025-54419

CVSS v3.1: 10.0 · Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N

Name of the Vulnerable Software and Affected Versions:

Node-SAML versions 5.0.1 and below

Description:

Node-SAML improperly loads the assertion from the unsigned original response document, so the data it uses can differ from the parts that were verified during signature checking. This allows modification of authentication details within a valid SAML assertion. An attacker could, for example, remove characters from the `username` within the SAML assertion. Exploitation requires a validly signed document from the identity provider (IdP).
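The defect class described above, verifying a signature over one part of a document and then reading claims from the original document again, modeled in a simplified form. This is an added illustration, not node-saml's code: the HMAC stand-in for XML-DSig, the element names and the tampering shown are assumptions; the point is that the hardened version reads the `NameID` only from the element the signature check actually covered.

```python
import hmac
import hashlib
import xml.etree.ElementTree as ET

# Constructed stand-in for the IdP's signing key (real SAML uses XML-DSig with RSA/ECDSA).
IDP_KEY = b"constructed-idp-signing-key"


def _mac(elem):
    """Toy 'signature': HMAC-SHA256 over the element's serialized bytes (assumption)."""
    return hmac.new(IDP_KEY, ET.tostring(elem), hashlib.sha256).hexdigest()


def idp_issue_response(username):
    """IdP side: a Response carrying one Assertion plus a Signature covering it."""
    assertion = ET.fromstring(
        f"<Assertion><Subject><NameID>{username}</NameID></Subject></Assertion>")
    return (f"<Response>{ET.tostring(assertion).decode()}"
            f"<Signature>{_mac(assertion)}</Signature></Response>")


def find_signed_assertion(root):
    """Signature check: return the Assertion element the Signature covers, else None."""
    sig = root.findtext("Signature")
    for candidate in root.iter("Assertion"):
        if sig and hmac.compare_digest(_mac(candidate), sig):
            return candidate
    return None


def username_vulnerable(response_xml):
    """The pattern the advisory describes: the signature is checked on one part, but
    the assertion is then loaded again from the original, unsigned document."""
    root = ET.fromstring(response_xml)
    if find_signed_assertion(root) is None:
        return None
    # First Assertion in document order, which need not be the verified one.
    return root.find(".//Assertion/Subject/NameID").text


def username_fixed(response_xml):
    """Hardened: claims are read only from the element the signature check returned."""
    root = ET.fromstring(response_xml)
    signed = find_signed_assertion(root)
    if signed is None:
        return None
    return signed.find("Subject/NameID").text
```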

Recommendations:

Update to version 5.1.0 or later.

Weakness Enumeration:

Improper Verification of Cryptographic Signature

Improper Authentication

Related Identifiers:

CVE-2025-54419
GHSA-4MXG-3P6V-XGQ3

Affected Products:

Node-Saml