An improper verification of cryptographic signature in Zscalers SAML authentication mechanism on the server-side allowed an authentication abuse.
Weakness
The product does not verify, or incorrectly verifies, the cryptographic signature for data.
References