Unrated severityNVD Advisory· Published Apr 17, 2019· Updated Aug 5, 2024
Multiple SAML libraries may allow authentication bypass via incorrect XML canonicalization and DOM traversal
CVE-2018-7340
Description
Duo Network Gateway 1.2.9 and earlier may incorrectly utilize the results of XML DOM traversal and canonicalization APIs in such a way that an attacker may be able to manipulate the SAML data without invalidating the cryptographic signature, allowing the attack to potentially bypass authentication to SAML service providers.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Range: <=1.2.9
- Duo Security/Duo Network Gatewayv5Range: unspecified
Patches
Vulnerability mechanics
References
2- duo.com/blog/duo-finds-saml-vulnerabilities-affecting-multiple-implementationsmitrex_refsource_MISC
- www.kb.cert.org/vuls/id/475445mitrex_refsource_MISC
News mentions
0No linked articles in our index yet.