VYPR

Passport Wsfed Saml2

by Auth0

Source repositories

CVEs (4)

  • CVE-2025-46572CriMay 6, 2025
    risk 0.53cvss epss 0.00

    passport-wsfed-saml2 provides passport strategy for both WS-fed and SAML2 protocol. A vulnerability present starting in version 3.0.5 up to and including version 4.6.3 allows an attacker to impersonate any user during SAML authentication by crafting a SAMLResponse. This can be…

  • CVE-2025-46573HigMay 6, 2025
    risk 0.49cvss epss 0.00

    passport-wsfed-saml2 provides passport strategy for both WS-fed and SAML2 protocol. A vulnerability present starting in version 3.0.5 up to and including version 4.6.3 allows an attacker to impersonate any user during SAML authentication by tampering with a valid SAML response.…

  • CVE-2017-16897HigDec 27, 2017
    risk 0.46cvss 8.1epss 0.01

    A vulnerability has been discovered in the Auth0 passport-wsfed-saml2 library affecting versions < 3.0.5. This vulnerability allows an attacker to impersonate another user and potentially elevate their privileges if the SAML identity provider does not sign the full SAML response…

  • CVE-2022-23505Dec 13, 2022
    risk 0.00cvss epss 0.01

    Passport-wsfed-saml2 is a ws-federation protocol and SAML2 tokens authentication provider for Passport. In versions prior to 4.6.3, a remote attacker may be able to bypass WSFed authentication on a website using passport-wsfed-saml2. A successful attack requires that the…