CVE-2008-3891

Google Apps - Auth Bypass

Title source: llm

Description

The SAML Single Sign-On (SSO) Service for Google Apps allows remote service providers to impersonate users at arbitrary service providers via vectors related to authentication responses that lack a request identifier and recipient field.

References (2)

[US Government Resource] http://www.kb.cert.org/vuls/id/612636

[Third Party Advisory, US Government Resource] http://www.kb.cert.org/vuls/id/MIMG-7FQGWU

Scores

EPSS 0.0018

EPSS Percentile 39.8%

Classification

CWE

CWE-287

Status draft

Affected Products (1)

google/google_apps

Timeline

Published Sep 03, 2008

Tracked Since Feb 18, 2026