Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
Web Application Vulnerabilities Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise Acunetix Standard & Premium
No SAML Respose signature check - Vulnerability Database

No SAML Respose signature check

Description

The web application uses SAML. The web application's SAML Consumer Service doesn't check SAML Response signature.
An authenticated attacker may be able to use it to escalate privileges to a high privileged user or to takeover accounts of other users in the application.

Remediation

Change configuration of the SAML service to require a valid signature for SAML Response

References

Security Assertion Markup Language

Related Vulnerabilities

SAML Response without signature High
Common tags: Privilege Escalation Api Broken Auth Api Misconfiguration
SAML Respose signature exclusion High
Common tags: Privilege Escalation Api Broken Auth Api Misconfiguration
JWT Signature Bypass via unvalidated jku parameter High
Common tags: Api Broken Auth Api Misconfiguration
Retired hash function in SAML Response Information
Common tags: Privilege Escalation Api Broken Auth
Unvalidated JWT jku parameter High
Common tags: Api Broken Auth Api Misconfiguration

Severity

High

Classification

CWE-16
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N

Tags

Privilege Escalation
Api Broken Auth
Api Misconfiguration