Vulnerability CVE-2015-5372
Published: 2015-09-28

Description:
The SAML 2.0 implementation in AdNovum nevisAuth 4.13.0.0 before 4.18.3.1, when using SAML POST-Binding, does not match all attributes of the X.509 certificate embedded in the assertion against the certificate from the identity provider (IdP), which allows remote attackers to inject arbitrary SAML assertions via a crafted certificate.

Type:

CWE-287

 (Improper Authentication)

CVSS2 => (AV:N/AC:L/Au:N/C:N/I:P/A:N)

CVSS Base Score
Impact Subscore
Exploitability Subscore
5/10
2.9/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
None
Partial
None
Affected software
Adnovum -> Nevisauth 

 References:
http://blog.csnc.ch/2015/09/saml-sp-authentication-bypass-vulnerability-in-nevisauth
http://packetstormsecurity.com/files/133628/nevisAuth-Authentication-Bypass.html
http://seclists.org/fulldisclosure/2015/Sep/87
http://www.csnc.ch/misc/files/advisories/CVE-2015-5372_AdNovum_nevisAuth_Authentication_Bypass.txt
http://www.securityfocus.com/archive/1/536508/100/0/threaded
Copyright 2024, cxsecurity.com

 

Back to Top