VU#475445: SAML Authentication Bypass
Multiple SAML libraries may incorrectly use the results of XML DOM traversal and canonicalization APIs in such a way that an attacker may be able to manipulate the SAML data without invalidating the cryptographic signature, potentially allowing the attacker to bypass authentication to SAML service providers.
Affected Cloud Foundry Products and Versions
- The Cloud Foundry team has determined that the UAA project is not exposed to this vulnerability and therefore does not require any upgrades.
2018-02-27: Initial vulnerability report published.