CVE-2017-11427

HIGH

OneLogin PythonSAML < 2.3.0 - Authentication Bypass via SAML Signature Validation Flaw

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2017-11427. PoCs published by CHYbeta.

AI-analyzed exploit summary: This repository contains a proof-of-concept for CVE-2017-11427, demonstrating a SAML authentication bypass via XML comment injection. The exploit manipulates the SAMLResponse to impersonate another user by inserting comments into the email field.

Description

OneLogin PythonSAML 2.3.0 and earlier may incorrectly utilize the results of XML DOM traversal and canonicalization APIs in such a way that an attacker may be able to manipulate the SAML data without invalidating the cryptographic signature, allowing the attack to potentially bypass authentication to SAML service providers.

Exploits (1)

nomisec: working PoC (12 stars)
by CHYbeta · type: poc
https://github.com/CHYbeta/CVE-2017-11427-DEMO


Classification
Working PoC 90%
Attack Type
Auth Bypass
Complexity
Moderate
Reliability
Reliable
Target: SAML-based single sign-on systems (e.g., OneLogin)
Auth required
Prerequisites: Access to a vulnerable SAML-based authentication system · Valid credentials for an initial user account · Ability to intercept and modify SAML responses (e.g., via Burp Suite)
Analysis: devstral-2 · analyzed Feb 16, 2026

References (2)

Core References
- Exploit, Technical Description, Third Party Advisory: https://duo.com/blog/duo-finds-saml-vulnerabilities-affecting-multiple-implementations
- Third Party Advisory, US Government Resource: https://www.kb.cert.org/vuls/id/475445

Scores

CVSS v3 7.7
EPSS 0.0343
EPSS Percentile 87.8%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

Details

CWE
CWE-287
Status published
Products (2)
onelogin/pythonsaml < 2.3.0
pypi/python-saml 0 - 2.4.0 (PyPI)
Published Apr 17, 2019
Tracked Since Feb 18, 2026