CVE Vulnerabilities

CVE-2011-1411

Improper Authentication

Published: Sep 02, 2011 | Modified: Oct 11, 2013
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
5.8 MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:N
RedHat/V2
RedHat/V3
Ubuntu

Shibboleth OpenSAML library 2.4.x before 2.4.3 and 2.5.x before 2.5.1, and IdP before 2.3.2, allows remote attackers to forge messages and bypass authentication via an XML Signature wrapping attack.

Weakness

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

Affected Software

Name Vendor Start Version End Version
Opensaml Shibboleth 2.4.2 2.4.2
Opensaml Shibboleth 2.4.0 2.4.0
Opensaml Shibboleth 2.4.1 2.4.1
Opensaml Shibboleth 2.5.0 2.5.0

Potential Mitigations

References