SAML Response Validation Vulnerability in Apache Guacamole 1.2.0 and 1.3.0

SAML Response Validation Vulnerability in Apache Guacamole 1.2.0 and 1.3.0

CVE-2021-43999 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Apache Guacamole 1.2.0 and 1.3.0 do not properly validate responses received from a SAML identity provider. If SAML support is enabled, this may allow a malicious user to assume the identity of another Guacamole user.

Learn more about our User Device Pen Test.