CVE-2015-5372

AdNovum nevisAuth <4.18.3.1 - Info Disclosure

Title source: llm

Description

The SAML 2.0 implementation in AdNovum nevisAuth 4.13.0.0 before 4.18.3.1, when using SAML POST-Binding, does not match all attributes of the X.509 certificate embedded in the assertion against the certificate from the identity provider (IdP), which allows remote attackers to inject arbitrary SAML assertions via a crafted certificate.

References (5)

[Various Sources] http://blog.csnc.ch/2015/09/saml-sp-authentication-bypass-vulnerability-in-nevisauth

[Exploit, Third Party Advisory] http://packetstormsecurity.com/files/133628/nevisAuth-Authentication-Bypass.html

[Mailing List] http://seclists.org/fulldisclosure/2015/Sep/87

[Various Sources] http://www.csnc.ch/misc/files/advisories/CVE-2015-5372_AdNovum_nevisAuth_Authentication_Bypass.txt

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/536508/100/0/threaded

Scores

EPSS 0.0020

EPSS Percentile 41.4%

Classification

CWE

CWE-287

Status draft

Affected Products (1)

adnovum/nevisauth < 4.18.3.0

Timeline

Published Sep 28, 2015

Tracked Since Feb 18, 2026