VYPR
Unrated severityNVD Advisory· Published Apr 17, 2019· Updated Aug 5, 2024

Multiple SAML libraries may allow authentication bypass via incorrect XML canonicalization and DOM traversal

CVE-2018-7340

Description

Duo Network Gateway 1.2.9 and earlier may incorrectly utilize the results of XML DOM traversal and canonicalization APIs in such a way that an attacker may be able to manipulate the SAML data without invalidating the cryptographic signature, allowing the attack to potentially bypass authentication to SAML service providers.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.