Vulnerability report: authentication bypass?
Zico
mailzico at gmail.com
Fri Mar 2 12:04:01 EST 2018
Thanks a lot for the quick response, Andrew!
Appreciated!
On Fri, Mar 2, 2018 at 10:43 AM, Andrew Morgan <morgan at orst.edu> wrote:
> On Fri, 2 Mar 2018, Zico wrote:
>
>> Hi,
>>
>> Please pardon me if I missed any email thread on this issue... but .. it
>> just got our attention.
>> Do we need to patch our IdP for this?
>> https://www.kb.cert.org/vuls/id/475445
>>
>
> Zico,
>
> See the thread on this mailing list with Subject "Shibboleth Service
> Provider Security Advisory [27 February 2018]".
>
> The short answer is no. There is nothing to patch in the IDP. However,
> you should probably look into using encryption with all SPs to mitigate
> this vulnerability.
>
> Thanks,
> Andy
--
Best,
Zico