CVE Vulnerabilities

CVE-2011-1411

Improper Authentication

Published: Sep 02, 2011 | Modified: Oct 11, 2013
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
5.8 MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:N
RedHat/V2
RedHat/V3
Ubuntu
MEDIUM

Shibboleth OpenSAML library 2.4.x before 2.4.3 and 2.5.x before 2.5.1, and IdP before 2.3.2, allows remote attackers to forge messages and bypass authentication via an XML Signature wrapping attack.

Weakness

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

Affected Software

Name Vendor Start Version End Version
Opensaml Shibboleth 2.4.0 (including) 2.4.0 (including)
Opensaml Shibboleth 2.4.1 (including) 2.4.1 (including)
Opensaml Shibboleth 2.4.2 (including) 2.4.2 (including)
Opensaml Shibboleth 2.5.0 (including) 2.5.0 (including)
Opensaml Ubuntu hardy *
Opensaml2 Ubuntu lucid *
Opensaml2 Ubuntu maverick *
Opensaml2 Ubuntu natty *
Opensaml2 Ubuntu upstream *

Potential Mitigations

References