← back
CVE-2011-1411

CVE-2011-1411

EPSS 2.3%
Shibboleth OpenSAML library 2.4.x before 2.4.3 and 2.5.x before 2.5.1, and IdP before 2.3.2, allows remote attackers to forge messages and bypass authentication via an "XML Signature wrapping attack."
Affected products
n/a · n/a

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://secunia.com/advisories/50994http://shibboleth.internet2.edu/secadv/secadv_20110725.txthttp://www.debian.org/security/2011/dsa-2284http://www.mandriva.com/security/advisories?name=MDVSA-2013:150http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html