FreeBSD: VID-FB67567A-5D95-11EB-A955-08002728F74C (CVE-2021-21239): pysaml2 -- multiple vulnerabilities

Severity: 4
CVSS: (AV:N/AC:M/Au:N/C:N/I:P/A:N)
Published: 01/20/2020
Created: 01/28/2020
Added: 01/27/2020
Modified: 02/24/2020

Description:

PySAML2 is a pure Python implementation of the SAML Version 2 standard. PySAML2 before 6.5.0 has an improper verification of cryptographic signature vulnerability. Users of pysaml2 that use the default CryptoBackendXmlSec1 backend and need to verify signed SAML documents are impacted. PySAML2 does not ensure that a signed SAML document is correctly signed. The default CryptoBackendXmlSec1 backend uses the xmlsec1 binary to verify the signature of signed SAML documents, but by default xmlsec1 accepts any type of key found within the given document. xmlsec1 needs to be configured explicitly to use only X.509 certificates for the verification of the SAML document signature. This is fixed in PySAML2 6.5.0.
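As an added example (not PySAML2's own code), the weak xmlsec1 invocation beside the hardened one, plus a defence-in-depth pre-check that refuses documents whose ds:KeyInfo carries anything but X509Data. It assumes xmlsec1 is on PATH, that the IdP certificate is a PEM file, and that the Assertion element is what is signed; the function names and the sample fragments are constructed.

```python
import subprocess
import xml.etree.ElementTree as ET

DS = "http://www.w3.org/2000/09/xmldsig#"
# Element type whose ID attribute xmlsec1 must register (assumption: the
# Assertion is signed; use ...:protocol:Response when the Response is signed).
ASSERTION = "urn:oasis:names:tc:SAML:2.0:assertion:Assertion"


def build_xmlsec1_verify_cmd(doc_path, idp_cert_pem, hardened=True):
    """hardened=False mirrors the pre-6.5.0 behaviour described above: xmlsec1
    may use any key data found inside the document. hardened=True adds
    --enabled-key-data raw-x509-cert so only X.509 certificate data counts."""
    cmd = ["xmlsec1", "--verify", "--pubkey-cert-pem", idp_cert_pem,
           "--id-attr:ID", ASSERTION]
    if hardened:
        cmd += ["--enabled-key-data", "raw-x509-cert"]
    cmd.append(doc_path)
    return cmd


def keyinfo_is_x509_only(xml_bytes):
    """Reject a document whose ds:KeyInfo contains anything other than
    ds:X509Data, e.g. a ds:KeyValue that ships its own public key."""
    root = ET.fromstring(xml_bytes)
    for keyinfo in root.iter(f"{{{DS}}}KeyInfo"):
        for child in keyinfo:
            if child.tag != f"{{{DS}}}X509Data":
                return False
    return True


def verify_signed_saml(doc_path, idp_cert_pem):
    """Pre-check KeyInfo, then let the hardened xmlsec1 verify the signature."""
    with open(doc_path, "rb") as fh:
        if not keyinfo_is_x509_only(fh.read()):
            return False
    proc = subprocess.run(build_xmlsec1_verify_cmd(doc_path, idp_cert_pem),
                          capture_output=True)
    return proc.returncode == 0


# Constructed fragments (not real signed SAML): one embeds an RSA key value,
# the other carries a certificate placeholder.
_HEAD = b'<r xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><ds:Signature><ds:KeyInfo>'
_TAIL = b"</ds:KeyInfo></ds:Signature></r>"
KEYVALUE_DOC = (_HEAD + b"<ds:KeyValue><ds:RSAKeyValue><ds:Modulus>AAAA</ds:Modulus>"
                b"<ds:Exponent>AQAB</ds:Exponent></ds:RSAKeyValue></ds:KeyValue>" + _TAIL)
X509_DOC = (_HEAD + b"<ds:X509Data><ds:X509Certificate>MIIBplaceholder"
            b"</ds:X509Certificate></ds:X509Data>" + _TAIL)
```

The pre-check is not a substitute for the xmlsec1 flag: the certificate xmlsec1 trusts must still be the one passed with --pubkey-cert-pem, not whatever the document embeds.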

Solution(s)

  • freebsd-upgrade-package-py36-pysaml2
  • freebsd-upgrade-package-py37-pysaml2
  • freebsd-upgrade-package-py38-pysaml2
  • freebsd-upgrade-package-py39-pysaml2