
FusionAuth-SAMLv2 0.2.3 Message Forging

Posted on 03 October 2020

Unauthenticated users can send forged messages to FusionAuth to bypass authentication, impersonate other users, or gain arbitrary roles. The SAML message can be sent to the application without a signature even when one is required. The impact depends on the individual applications that implement fusionauth-samlv2. Version 0.2.3 is vulnerable.
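A fail-closed gate for the condition described above, as an added example that is not code from fusionauth-samlv2 or from the advisory: when a signature is required, a response passes only if a `ds:Signature` references the element that will be consumed. The names `signed_assertions`, `covers`, `RejectedMessage` and `sample` are hypothetical, the sample messages are constructed, and the check is structural only, so cryptographic verification of the signature must still follow.

```python
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

class RejectedMessage(Exception):
    """The message must not be processed (hypothetical name)."""

def covers(element):
    """True if a direct-child ds:Signature references this element's own ID."""
    sig = element.find("ds:Signature", NS)
    ref = sig.find("ds:SignedInfo/ds:Reference", NS) if sig is not None else None
    elem_id = element.get("ID")
    return ref is not None and bool(elem_id) and ref.get("URI") == "#" + elem_id

def signed_assertions(xml_bytes, require_signature=True):
    """Return the assertions allowed on to cryptographic verification."""
    if b"<!DOCTYPE" in xml_bytes:
        raise RejectedMessage("DOCTYPE not allowed in a SAML message")
    root = ET.fromstring(xml_bytes)
    if root.tag != "{%s}Response" % NS["samlp"]:
        raise RejectedMessage("not a SAML Response")
    assertions = root.findall("saml:Assertion", NS)
    # A signature on the Response covers every assertion inside it.
    if not require_signature or covers(root):
        return assertions
    covered = [a for a in assertions if covers(a)]
    if not covered:
        # Fail closed: a required signature that is absent is an error,
        # never a reason to skip verification.
        raise RejectedMessage("signature required but none covers an assertion")
    return covered  # unsigned sibling assertions are dropped

def sample(signed):
    """Constructed SAML response; the signature carries no real key material."""
    sig = ('<ds:Signature xmlns:ds="%s"><ds:SignedInfo><ds:Reference URI="#a1"/>'
           '</ds:SignedInfo></ds:Signature>' % NS["ds"]) if signed else ""
    return ('<samlp:Response xmlns:samlp="%s" xmlns:saml="%s" ID="r1">'
            '<saml:Assertion ID="a1">%s</saml:Assertion></samlp:Response>'
            % (NS["samlp"], NS["saml"], sig)).encode()
```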

 
