samlify is a highly configurable Node.js SAML 2.0 library for Single Sign On.
Affected versions of this package are vulnerable to Improper Verification of Signature. An attacker could potentially wrap the signature of a SAML response, and insert a new username in the original token, making it appear as though a different user was authenticated.
Upgrade samlify to version 2.4.0 or higher.
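One way to check whether a project resolves a release older than the fixed one, including copies pulled in transitively. This is an added example, not code from the advisory or from samlify. It assumes every version below 2.4.0 is affected (the page names only the fixed version), and the sample lockfile and the `sso-helper` package name are constructed.

```javascript
const FIXED = [2, 4, 0]; // first fixed release named in the advisory (added example)
// True when `version` sorts below 2.4.0. Pre-releases of 2.4.0 and versions
// that cannot be parsed (git URLs, tarballs) are flagged for manual review.
function isAffected(version) {
  const m = /^(\d+)\.(\d+)\.(\d+)(-[0-9A-Za-z.-]+)?/.exec(String(version));
  if (!m) return true;
  const parts = m.slice(1, 4).map(Number);
  for (let i = 0; i < 3; i++) {
    if (parts[i] !== FIXED[i]) return parts[i] < FIXED[i];
  }
  return Boolean(m[4]);
}

// Collect every samlify entry from a parsed package-lock.json object.
function findSamlify(lock) {
  const hits = new Map(); // install path -> version, deduplicated
  // lockfileVersion 2/3: flat "packages" map keyed by install path.
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    if (/(^|\/)node_modules\/samlify$/.test(path)) hits.set(path, meta.version);
  }
  // lockfileVersion 1 (and the v2 compatibility copy): nested "dependencies".
  const walk = (deps, prefix) => {
    for (const [name, meta] of Object.entries(deps || {})) {
      const path = `${prefix}node_modules/${name}`;
      if (name === 'samlify') hits.set(path, meta.version);
      walk(meta.dependencies, `${path}/`);
    }
  };
  walk(lock.dependencies, '');
  return [...hits].map(([path, version]) => ({ path, version, affected: isAffected(version) }));
}

// Constructed sample lockfile: one direct and one nested (transitive) copy.
const SAMPLE_LOCK = {
  lockfileVersion: 2,
  packages: {
    '': { name: 'constructed-app', version: '1.0.0' },
    'node_modules/samlify': { version: '2.4.0' },
    'node_modules/sso-helper': { version: '0.3.1' },
    'node_modules/sso-helper/node_modules/samlify': { version: '2.3.7' },
  },
  dependencies: {
    samlify: { version: '2.4.0' },
    'sso-helper': { version: '0.3.1', dependencies: { samlify: { version: '2.3.7' } } },
  },
};
console.log(findSamlify(SAMPLE_LOCK));
```

For a real project, pass `findSamlify` the result of `JSON.parse` on the contents of `package-lock.json`.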
- Erlend Oftedal
- Snyk ID
- 23 May, 2018
- 15 Nov, 2018