{"id":6048,"date":"2018-02-27T15:06:53","date_gmt":"2018-02-27T21:06:53","guid":{"rendered":"http:\/\/allidm.com\/blog\/?p=6048"},"modified":"2018-02-27T15:06:53","modified_gmt":"2018-02-27T21:06:53","slug":"multiple-saml-libraries-may-allow-authentication-bypass-via-incorrect-xml-canonicalization-and-dom-traversal","status":"publish","type":"post","link":"https:\/\/allidm.com\/blog\/multiple-saml-libraries-may-allow-authentication-bypass-via-incorrect-xml-canonicalization-and-dom-traversal\/","title":{"rendered":"Multiple SAML libraries may allow authentication bypass via incorrect XML canonicalization and DOM traversal"},"content":{"rendered":"

Multiple SAML libraries may allow authentication bypass via incorrect XML canonicalization and DOM traversal<\/h2>\n

Overview<\/strong>
\nMultiple SAML libraries may incorrectly utilize the results of XML DOM traversal and canonicalization APIs in such a way that an attacker may be able to manipulate the SAML data without invalidating the cryptographic signature, allowing the attack to potentially bypass authentication to SAML service providers.
\nDescription<\/p>\n

Impact<\/strong>
\nBy modifying SAML content without invalidating the cryptographic signature, a remote, unauthenticated attacker may be able to bypass primary authentication for an affected SAML service provider.<\/p>\n

Read more at – Multiple SAML libraries may allow authentication bypass via incorrect XML canonicalization and DOM traversal<\/a><\/p>\n

\"\"<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"

Multiple SAML libraries may allow authentication bypass via incorrect XML canonicalization and DOM traversal Overview Multiple SAML libraries may incorrectly utilize the results of XML DOM traversal and canonicalization APIs in such a way that an attacker may be able to manipulate the SAML data without invalidating the cryptographic signature, allowing the attack to potentially […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"nf_dc_page":"","_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[1227,88,6],"tags":[57,492,23],"class_list":["post-6048","post","type-post","status-publish","format-standard","hentry","category-access-manager","category-identity-space","category-news","tag-authentication","tag-saml","tag-security"],"jetpack_featured_media_url":"","jetpack_shortlink":"https:\/\/wp.me\/p25vfy-1zy","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/allidm.com\/blog\/wp-json\/wp\/v2\/posts\/6048","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/allidm.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/allidm.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/allidm.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/allidm.com\/blog\/wp-json\/wp\/v2\/comments?post=6048"}],"version-history":[{"count":1,"href":"https:\/\/allidm.com\/blog\/wp-json\/wp\/v2\/posts\/6048\/revisions"}],"predecessor-version":[{"id":6049,"href":"https:\/\/allidm.com\/blog\/wp-json\/wp\/v2\/posts\/6048\/revisions\/6049"}],"wp:attachment":[{"href":"https:\/\/allidm.com\/blog\/wp-json\/wp\/v2\/media?parent=6048"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/allidm.com\/blog\/wp-json\/wp\/v2\/categories?post=6048"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/allidm.com\/blog\/wp-json\/wp\/v2\/tags?post=6048"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}