samlidp Open this link in a new tab package, versions <0.4.3

Attack Complexity

Low
Confidentiality

High
Integrity

High
Availability

High

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

snyk-id

SNYK-GOLANG-GITHUBCOMCREWJAMSAMLSAMLIDP-1052758
published

18 Dec 2020
disclosed

17 Dec 2020
credit

Unknown

Report a new vulnerability Found a mistake?

Introduced: 17 Dec 2020

CVE-2020-27846 Open this link in a new tab CWE-287 Open this link in a new tab

How to fix?

Upgrade github.com/crewjam/saml/samlidp to version 0.4.3 or higher.

Overview

github.com/crewjam/saml/samlidp is a package that contains a partial implementation of the SAML standard in golang. SAML is a standard for identity federation, i.e. either allowing a third party to authenticate your users or allowing third parties to rely on us to authenticate their users.

Affected versions of this package are vulnerable to Authentication Bypass. It allows an attacker to bypass SAML Authentication.

** Note: This is a duplicate of SNYK-GOLANG-GITHUBCOMCREWJAMSAML-1050998.

Authentication Bypass Affecting github.com/crewjam/saml/samlidp Open this link in a new tab package, versions <0.4.3

Attack Complexity

Confidentiality

Integrity

Availability

snyk-id

published

disclosed

credit

Introduced: 17 Dec 2020

How to fix?

Overview

References