Description
Eduserv OpenAthens SP 2.0 for Java allows remote attackers to forge messages and bypass authentication via a SAML assertion that lacks a Signature element, aka a "Signature exclusion attack."
References (2)
Core References
Various Sources x_refsource_confirm
http://status.openathens.net/adv.php
Various Sources x_refsource_misc
http://www.nds.rub.de/media/nds/veroeffentlichungen/2012/08/22/BreakingSAML_3.pdf
Scores
EPSS
0.0215
EPSS Percentile
79.9%
Details
CWE
CWE-287
Status
published
Products (1)
eduserv/openathens_service_provider
2.0
Published
Oct 09, 2012
Tracked Since
Feb 18, 2026