passport-wsfed-saml2@4.6.3 vulnerabilities
SAML2 Protocol and WS-Fed library
-
latest version
4.6.3
-
first published
12 years ago
-
latest version published
a year ago
-
licenses detected
- >=0
Direct Vulnerabilities
Known vulnerabilities in the passport-wsfed-saml2 package. This does not include vulnerabilities belonging to this package’s dependencies.
Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.| Vulnerability | Vulnerable Version |
|---|---|
passport-wsfed-saml2 is a SAML2 Protocol and WS-Fed library. Affected versions of this package are vulnerable to Access Restriction Bypass when a remote attacker can bypass WSFed authentication on a website. A successful attack requires that the attacker has an arbitrary IDP-signed assertion. NOTE Depending on the IDP used, fully unauthenticated attacks (e.g, without access to a valid user) might also be feasible if the generation of a signed message can be triggered. How to fix Access Restriction Bypass? A fix was pushed into the |
*
|