CVE-2011-1411

Improper Authentication in maven/org.opensaml/opensaml

Identifiers

GHSA-qwwj-qj3f-9hv7, CVE-2011-1411

Package Slug

maven/org.opensaml/opensaml

Vulnerability

Improper Authentication

Description

Shibboleth OpenSAML library 2.4.x before 2.4.3 and 2.5.x before 2.5.1, and IdP before 2.3.2, allows remote attackers to forge messages and bypass authentication via an "XML Signature wrapping attack."

Affected Versions

All versions from 2.4.0 up to but not including 2.4.3, and all versions from 2.5.0 up to but not including 2.5.1

Solution

Upgrade to versions 2.4.3, 2.5.1 or above.

Last Modified

2022-07-26
