Vulnerability report: authentication bypass?
morgan at orst.edu
Fri Mar 2 11:43:05 EST 2018
On Fri, 2 Mar 2018, Zico wrote:
> Please pardon me if I missed any email thread on this issue... but .. it
> just got our attention.
> Do we need to patch our IdP for this?
See the thread on this mailing list with Subject "Shibboleth Service
Provider Security Advisory [27 February 2018]".
The short answer is no. There is nothing to patch in the IDP. However,
you should probably look into using encryption with all SPs to mitigate
More information about the users