Insufficient Audience Validation in PicketLink SAML Assertion Processing

Insufficient Audience Validation in PicketLink SAML Assertion Processing

CVE-2015-0277 · MEDIUM Severity

AV:N/AC:M/AU:S/C:P/I:P/A:P

The Service Provider (SP) in PicketLink before 2.7.0 does not ensure that it is a member of an Audience element when an AudienceRestriction is specified, which allows remote attackers to log in to other users' accounts via a crafted SAML assertion. NOTE: this identifier has been SPLIT per ADT2 due to different vulnerability types. See CVE-2015-6254 for lack of validation for the Destination attribute in a Response element in a SAML assertion.

Learn more about our User Device Pen Test.