FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

opensaml2 -- unauthenticated login

Affected packages
0 < opensaml2 < 2.4.3


VuXML ID 9f14cb36-b6fc-11e0-a044-445c73746d79
Discovery 2011-07-25
Entry 2011-07-25

An OpenSAML developer reports:

The Shibboleth software relies on the OpenSAML libraries to perform verification of signed XML messages such as attribute queries or SAML assertions. Both the Java and C++ versions are vulnerable to a so-called "wrapping attack" that allows a remote, unauthenticated attacker to craft specially formed messages that can be successfully verified, but contain arbitrary content.


CVE Name CVE-2011-1411