Improper security semantics enforcement of SAML SubjectConfirmation methods
This package when using TransportBinding, does not properly enforce the SAML SubjectConfirmation method security semantics, which allows remote attackers to conduct spoofing attacks via unspecified vectors.