Vulnerability report: authentication bypass?
mailzico at gmail.com
Fri Mar 2 12:04:01 EST 2018
Thanks a lot for quick response, Andrew!
On Fri, Mar 2, 2018 at 10:43 AM, Andrew Morgan <morgan at orst.edu> wrote:
> On Fri, 2 Mar 2018, Zico wrote:
>> Please pardon me if I missed any email thread on this issue... but .. it
>> just got our attention.
>> Do we need to patch our IdP for this?
> See the thread on this mailing list with Subject "Shibboleth Service
> Provider Security Advisory [27 February 2018]".
> The short answer is no. There is nothing to patch in the IDP. However,
> you should probably look into using encryption with all SPs to mitigate
> this vulnerability.
> For Consortium Member technical support, see
> To unsubscribe from this list send an email to
> users-unsubscribe at shibboleth.net
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the users