No SAML Response Signature Check

Severity: High

Invicti detected that the target application is vulnerable to a missing SAML Response signature check.

The web application uses SAML. Its Assertion Consumer Service (ACS) does not verify the signature on the SAML Response, so the contents of the response are trusted without proof that the Identity Provider issued them. An authenticated attacker may be able to exploit this to escalate privileges to a highly privileged user or to take over other users' accounts in the application.

Impact: Account takeover and/or privilege escalation.

Remediation: Change the configuration of the SAML service to require a valid signature on the SAML Response.
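As an added illustration (not Invicti's code, nor any vendor's), the following Python shows the weak setting beside the corrected one, using key names that mirror python3-saml's "security" section, and the presence gate an Assertion Consumer Service must apply before any cryptographic check. The SAML Response XML is constructed, and verifying the XML-DSig itself is assumed to be done by the SAML library (xmlsec); this block only shows that a response lacking a required signature must be rejected rather than silently accepted.

```python
# Added example: policy gate for SAML Response signatures at the SP side.
# Settings keys mirror python3-saml's "security" section (assumption: that is
# the library in use). Parsing uses the stdlib only, so this checks signature
# *presence* against policy; cryptographic XML-DSig verification is assumed to
# be performed afterwards by the SAML library, never replaced by this check.
import xml.etree.ElementTree as ET

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}

# Weak: neither the Response nor its Assertion has to be signed (the finding).
WEAK_SECURITY = {"wantMessagesSigned": False, "wantAssertionsSigned": False}
# Hardened: require a signature on the Response and on every Assertion.
HARDENED_SECURITY = {"wantMessagesSigned": True, "wantAssertionsSigned": True}


def check_response_signatures(response_xml: str, security: dict) -> tuple:
    """Return (accepted, reason). Reject any Response that lacks a signature the
    policy requires; presence alone never proves validity (verify DSig next)."""
    root = ET.fromstring(response_xml)
    if root.tag != "{%s}Response" % NS["samlp"]:
        return False, "not a samlp:Response"
    if security.get("wantMessagesSigned") and root.find("ds:Signature", NS) is None:
        return False, "Response is not signed"
    assertions = root.findall("saml:Assertion", NS)
    if not assertions:
        return False, "no Assertion element"
    if security.get("wantAssertionsSigned"):
        for assertion in assertions:
            if assertion.find("ds:Signature", NS) is None:
                return False, "Assertion is not signed"
    return True, "signature requirements satisfied; verify XML-DSig next"


# Constructed sample: an unsigned Response carrying an unsigned Assertion.
UNSIGNED_RESPONSE = (
    '<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
    'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_r1" Version="2.0">'
    '<saml:Assertion ID="_a1" Version="2.0"><saml:Subject>'
    '<saml:NameID>user@example.com</saml:NameID></saml:Subject></saml:Assertion>'
    "</samlp:Response>"
)
# Constructed sample with placeholder ds:Signature elements standing in for
# real XML-DSig blocks on both the Response and the Assertion.
SIG = '<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>'
SIGNED_RESPONSE = UNSIGNED_RESPONSE.replace(
    '<saml:Assertion ID="_a1" Version="2.0">', SIG + '<saml:Assertion ID="_a1" Version="2.0">' + SIG
)

if __name__ == "__main__":
    print(check_response_signatures(UNSIGNED_RESPONSE, WEAK_SECURITY))      # accepted
    print(check_response_signatures(UNSIGNED_RESPONSE, HARDENED_SECURITY))  # rejected
```

With the weak settings the unsigned response passes this gate, which is exactly the condition Invicti reports; with the hardened settings it is rejected before any assertion content is trusted.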
