CVE-2008-3891
Google Apps - SAML Authentication Impersonation via Missing Request Identifier and Recipient Field
Title source: llmDescription
The SAML Single Sign-On (SSO) Service for Google Apps allows remote service providers to impersonate users at arbitrary service providers via vectors related to authentication responses that lack a request identifier and recipient field.
References (2)
Core 2
Core References
Third Party Advisory, US Government Resource x_refsource_confirm
http://www.kb.cert.org/vuls/id/MIMG-7FQGWU
US Government Resource third-party-advisory
x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/612636
Scores
EPSS
0.0051
EPSS Percentile
39.8%
Details
CWE
CWE-287
Status
published
Products (1)
google/google_apps
Published
Sep 03, 2008
Tracked Since
Feb 18, 2026