OneLogin SAML SSO <= 2.4.2 - Signature Wrapping



Description
OneLogin SAML SSO updates php-saml library to 2.10.0 (it includes SAML Signature Wrapping attack prevention and other security improvements).

Affects Plugin

fixed in version 2.4.3

References

URL https://github.com/onelogin/wordpress-saml/releases/tag/2.4.3

Classification

Type AUTHBYPASS
OWASP Top 10 A2: Broken Authentication and Session Management
CWE CWE-287

Miscellaneous

Submitter Sixto Martin
Views 6653
Verified No
WPVDB ID 8640

Timeline

Publicly Published 2016-10-14 (over 3 years ago)
Added 2016-10-17 (over 3 years ago)
Last Updated 2019-11-01 (8 months ago)

Our Other Services

Online WordPress Vulnerability Scanner WPScan WordPress Security Plugin