Summary
An authentication bypass vulnerability was found in ruby-saml due to a parser differential.
ReXML and Nokogiri parse XML differently, the parsers can generate entirely different document structures from the same XML input. That allows an attacker to be able to execute a Signature Wrapping attack.
Impact
This issue may lead to authentication bypass.
Summary
An authentication bypass vulnerability was found in ruby-saml due to a parser differential.
ReXML and Nokogiri parse XML differently, the parsers can generate entirely different document structures from the same XML input. That allows an attacker to be able to execute a Signature Wrapping attack.
Impact
This issue may lead to authentication bypass.