CVEs-PoC/2020/CVE-2020-12676.md at b0e96c877abb080d7cf221c036336480ff266ccf

CalvinBackup/CVEs-PoC

Fork 0

mirror of https://github.com/0xMarcio/cve.git synced 2026-05-09 19:17:37 +02:00

Files

T

0xMarcio 48a00929ac Removed duplicates

2024-06-18 02:51:15 +02:00

813 B

Raw Blame History

CVE-2020-12676

Description

FusionAuth fusionauth-samlv2 0.2.3 allows remote attackers to forge messages and bypass authentication via a SAML assertion that lacks a Signature element, aka a "Signature exclusion attack".

POC

Reference

http://packetstormsecurity.com/files/159454/FusionAuth-SAMLv2-0.2.3-Message-Forging.html
http://seclists.org/fulldisclosure/2020/Oct/1

Github

https://github.com/CompassSecurity/SAMLRaider
https://github.com/FusionAuth/fusionauth-samlv2

813 B Raw Blame History

CVE-2020-12676

Description

POC

Reference

Github

813 B

Raw Blame History