Vulnerability report: authentication bypass?
Andrew Morgan
morgan at orst.edu
Fri Mar 2 11:43:05 EST 2018
On Fri, 2 Mar 2018, Zico wrote:
> Hi,
>
> Please pardon me if I missed any email thread on this issue... but .. it
> just got our attention.
> Do we need to patch our IdP for this?
> https://www.kb.cert.org/vuls/id/475445

Zico,

See the thread on this mailing list with Subject "Shibboleth Service
Provider Security Advisory [27 February 2018]".

The short answer is no. There is nothing to patch in the IDP. However,
you should probably look into using encryption with all SPs to mitigate
this vulnerability.

Thanks,
Andy