psPAS PowerShell module does not explicitly enforce TLS 1.2 within the Get-PASSAMLResponse function during the SAML authentication process. An unauthenticated attacker in a Man-in-the-Middle position could manipulate the TLS handshake and downgrade TLS to a deprecated protocol. Fixed in 7.0.209.
A protocol or its implementation supports interaction between multiple actors and allows those actors to negotiate which algorithm should be used as a protection mechanism such as encryption or authentication, but it does not select the strongest algorithm that is available to both parties.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Pspas | Pspete | 6.4.85 (including) | 7.0.209 (excluding) |