XML Signature Wrapping Vulnerability in Shibboleth OpenSAML Library

XML Signature Wrapping Vulnerability in Shibboleth OpenSAML Library

CVE-2011-1411 · MEDIUM Severity

AV:N/AC:M/AU:N/C:P/I:P/A:N

Shibboleth OpenSAML library 2.4.x before 2.4.3 and 2.5.x before 2.5.1, and IdP before 2.3.2, allows remote attackers to forge messages and bypass authentication via an "XML Signature wrapping attack."

Learn more about our Web Application Penetration Testing UK.