Security Advisory

CVE-2019-10201

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2019-08-14 16:09:39

Last updated 2024-08-04 22:17:19

Assigner redhat

State PUBLISHED

Description

It was found that Keycloaks SAML broker, versions up to 6.0.1, did not verify missing message signatures. If an attacker modifies the SAML Response and removes the <Signature> sections, the message is still accepted, and the message can be modified. An attacker could use this flaw to impersonate other users and gain access to sensitive information.

← Browse all CVEs View on cve.org ↗