CVE-2017-16897

HIGH Year: 2017
CVSS v3 Score
8.1
High
CVSS v2 Score
9.3
Critical
Weakness Type
CWE-290
View all →

Vulnerability Description

A vulnerability has been discovered in the Auth0 passport-wsfed-saml2 library affecting versions < 3.0.5. This vulnerability allows an attacker to impersonate another user and potentially elevate their privileges if the SAML identity provider does not sign the full SAML response (e.g., only signs the assertion within the response).

Related Vulnerabilities

CVE-2020-2002

HIGH
CVSS:8.1(High)

An authentication bypass by spoofing vulnerability exists in the authentication daemon and User-ID components of Palo Alto Networks PAN-OS by failing to verify the integrity of the Kerberos key distri...

CWE-2902020

CVE-2022-0030

HIGH
CVSS:8.1(High)

An authentication bypass vulnerability in the Palo Alto Networks PAN-OS 8.1 web interface allows a network-based attacker with specific knowledge of the target firewall or Panorama appliance to impers...

CWE-2902022

CVE-2022-30319

HIGH
CVSS:8.1(High)

Saia Burgess Controls (SBC) PCD through 2022-05-06 allows Authentication bypass. According to FSCT-2022-0062, there is a Saia Burgess Controls (SBC) PCD S-Bus authentication bypass issue. The affected...

CWE-2902022

CVE-2022-32747

HIGH
CVSS:8.1(High)

A CWE-290: Authentication Bypass by Spoofing vulnerability exists that could cause legitimate users to be locked out of devices or facilitate backdoor account creation by spoofing a device on the loca...

CWE-2902022

CVE-2022-40269

HIGH
CVSS:8.1(High)

Authentication Bypass by Spoofing vulnerability in Mitsubishi Electric Corporation GOT2000 Series GT27 model versions 01.14.000 to 01.47.000, Mitsubishi Electric Corporation GOT2000 Series GT25 model ...

CWE-2902022