No SAML Response Signature Check

Severity: High
Summary

Invicti detected that the target application does not check the signature of the SAML Response it receives.

The web application uses SAML for authentication. Its SAML Assertion Consumer Service accepts a SAML Response without verifying the Response signature, so it cannot tell a genuine Identity Provider response from a forged or tampered one. An authenticated attacker may be able to use this to escalate privileges to a highly privileged user or to take over the accounts of other users in the application.

Impact

Account takeover and/or privilege escalation.

Remediation

Change the configuration of the SAML Service Provider so that it requires a valid signature on every SAML Response (and on the Assertions it contains), verified against the Identity Provider's signing certificate, and rejects any response that is unsigned or whose signature does not validate.
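As an added example (not Invicti's or any SAML library's own code), the check below audits a Service Provider configuration for exactly this weakness and produces the hardened form. It assumes the settings layout of the python3-saml library (the `strict` flag and the `security` block with `wantMessagesSigned` / `wantAssertionsSigned`); the sample settings, hostnames and certificate value are constructed placeholders.

```python
"""Audit a python3-saml style settings dict for a missing SAML Response signature check.

Added example, not the page's or the library's own code. The settings layout
(strict flag, idp block, security block) follows python3-saml; all values are
constructed for illustration.
"""

# Constructed: a Service Provider configuration that accepts unsigned Responses.
WEAK_SETTINGS = {
    "strict": True,
    "idp": {
        "entityId": "https://idp.example.test/metadata",      # constructed
        "x509cert": "PLACEHOLDER-IDP-SIGNING-CERT",           # placeholder
    },
    "security": {
        "wantMessagesSigned": False,    # Response signature not required
        "wantAssertionsSigned": False,  # Assertion signature not required
    },
}


def harden_settings(settings: dict) -> dict:
    """Return a copy of the settings that requires a valid signature on the
    SAML Response and on every Assertion, with strict validation turned on."""
    hardened = {**settings, "security": {**settings.get("security", {})}}
    hardened["strict"] = True
    hardened["security"]["wantMessagesSigned"] = True
    hardened["security"]["wantAssertionsSigned"] = True
    return hardened


def signature_check_findings(settings: dict) -> list[str]:
    """List the reasons this configuration would let an unsigned or forged
    SAML Response through; an empty list means the signature check is enforced."""
    findings = []
    security = settings.get("security", {})
    if not settings.get("strict", False):
        findings.append("strict is off: the library documents non-strict mode as "
                        "insecure, and signature requirements are not enforced")
    if not security.get("wantMessagesSigned", False) and \
            not security.get("wantAssertionsSigned", False):
        findings.append("neither Response nor Assertion signature is required")
    if not settings.get("idp", {}).get("x509cert"):
        findings.append("no IdP signing certificate configured, so no signature "
                        "can be verified")
    return findings
```

Run `signature_check_findings` against the deployed settings as a deployment gate; a non-empty list is the finding this page describes.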
