*Note: Email address will appear as "user domain ext" to prevent harvesting.
[RT-SA-2017-013] Truncation of SAML Attributes in Shibboleth 2
Jan 15 2018 03:11PM
RedTeam Pentesting GmbH (release redteam-pentesting de)
Advisory: Truncation of SAML Attributes in Shibboleth 2
RedTeam Pentesting discovered that the shibd service of Shibboleth 2
does not extract SAML attribute values in a robust manner. By inserting
XML entities into a SAML response, attackers may truncate attribute
values without breaking the docume...
Copyright 2010, SecurityFocus