CVE-2012-5353

Eduserv OpenAthens SP 2.0 - Auth Bypass

Title source: llm

Description

Eduserv OpenAthens SP 2.0 for Java allows remote attackers to forge messages and bypass authentication via a SAML assertion that lacks a Signature element, aka a "Signature exclusion attack."

References (2)

[Various Sources] http://status.openathens.net/adv.php

[Various Sources] http://www.nds.rub.de/media/nds/veroeffentlichungen/2012/08/22/BreakingSAML_3.pdf

Scores

EPSS 0.0015

EPSS Percentile 36.1%

Classification

CWE

CWE-287

Status draft

Affected Products (1)

eduserv/openathens_service_provider

Timeline

Published Oct 09, 2012

Tracked Since Feb 18, 2026