Vulnerability Details : CVE-2015-5372
The SAML 2.0 implementation in AdNovum nevisAuth 4.13.0.0 before 4.18.3.1, when using SAML POST-Binding, does not match all attributes of the X.509 certificate embedded in the assertion against the certificate from the identity provider (IdP), which allows remote attackers to inject arbitrary SAML assertions via a crafted certificate.
Vulnerability category: BypassGain privilege
Products affected by CVE-2015-5372
- cpe:2.3:a:adnovum:nevisauth:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2015-5372
0.55%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 74 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2015-5372
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.0
|
MEDIUM | AV:N/AC:L/Au:N/C:N/I:P/A:N |
10.0
|
2.9
|
NIST |
CWE ids for CVE-2015-5372
-
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.Assigned by: nvd@nist.gov (Primary)
References for CVE-2015-5372
-
http://www.csnc.ch/misc/files/advisories/CVE-2015-5372_AdNovum_nevisAuth_Authentication_Bypass.txt
404 Not Found
-
http://www.securityfocus.com/archive/1/536508/100/0/threaded
SecurityFocus
-
http://packetstormsecurity.com/files/133628/nevisAuth-Authentication-Bypass.html
nevisAuth Authentication Bypass ≈ Packet Storm
-
http://seclists.org/fulldisclosure/2015/Sep/87
Full Disclosure: CVE-2015-5372 SAML SP Authentication Bypass in nevisAuth
-
http://blog.csnc.ch/2015/09/saml-sp-authentication-bypass-vulnerability-in-nevisauth
SAML SP Authentication Bypass Vulnerability in nevisAuth – Compass Security Blog
Jump to