CVE-2018-7340

HIGH Year: 2018
CVSS v3 Score
7.7
High
CVSS v2 Score
5.0
Medium
Weakness Type
CWE-287
View all →

Vulnerability Description

Duo Network Gateway 1.2.9 and earlier may incorrectly utilize the results of XML DOM traversal and canonicalization APIs in such a way that an attacker may be able to manipulate the SAML data without invalidating the cryptographic signature, allowing the attack to potentially bypass authentication to SAML service providers.

Related Vulnerabilities

CVE-2015-7974

HIGH
CVSS:7.7(High)

NTP 4.x before 4.2.8p6 and 4.3.x before 4.3.90 do not verify peer associations of symmetric keys when authenticating packets, which might allow remote attackers to conduct impersonation attacks via an...

CWE-2872015

CVE-2021-26073

HIGH
CVSS:7.7(High)

Broken Authentication in Atlassian Connect Express (ACE) from version 3.0.2 before version 6.6.0: Atlassian Connect Express is a Node.js package for building Atlassian Connect apps. Authentication bet...

CWE-2872021

CVE-2024-57490

HIGH
CVSS:7.7(High)

Guangzhou Hongfan Technology Co., LTD. iOffice20 has any user login vulnerability. An attacker can log in to any system account including the system administrator through a logical flaw.

CWE-2872024

CVE-2025-2230

HIGH
CVSS:7.7(High)

A flaw exists in the Windows login flow where an AuthContext token can be exploited for replay attacks and authentication bypass.

CWE-2872025

CVE-2011-4338

HIGH
CVSS:7.8(High)

Shaman 1.0.9: Users can add the line askforpwd=false to his shaman.conf file, without entering the root password in shaman. The next time shaman is run, root privileges are granted despite the fact th...

CWE-2872011

CVE-2013-5582

HIGH
CVSS:7.8(High)

Ammyy Admin 3.2 and earlier stores the client ID at a fixed memory location, which might make it easier for user-assisted remote attackers to bypass authentication by running a local program that extr...

CWE-2872013