Description
The SAML 2.0 implementation in AdNovum nevisAuth 4.13.0.0 before 4.18.3.1, when using SAML POST-Binding, does not match all attributes of the X.509 certificate embedded in the assertion against the certificate from the identity provider (IdP), which allows remote attackers to inject arbitrary SAML assertions via a crafted certificate.
References (5)
Core References
Exploit, Third Party Advisory (x_refsource_misc): http://packetstormsecurity.com/files/133628/nevisAuth-Authentication-Bypass.html
Mailing List (mailing-list, x_refsource_fulldisc): http://seclists.org/fulldisclosure/2015/Sep/87
Various Sources (x_refsource_misc): http://www.csnc.ch/misc/files/advisories/CVE-2015-5372_AdNovum_nevisAuth_Authentication_Bypass.txt
Third Party Advisory, VDB Entry (mailing-list, x_refsource_bugtraq): http://www.securityfocus.com/archive/1/536508/100/0/threaded
Various Sources (x_refsource_misc): http://blog.csnc.ch/2015/09/saml-sp-authentication-bypass-vulnerability-in-nevisauth
Scores
EPSS: 0.0087
EPSS Percentile: 54.3%
Details
CWE: CWE-287
Status: published
Products (1)
adnovum/nevisauth < 4.18.3.0
Published: Sep 28, 2015
Tracked Since: Feb 18, 2026