Retired Hash Function in SAML Response
Invicti detected that the target application is vulnerable to a retired hash function in the SAML Response.
The web application uses SAML. The web application's SAML Consumer Service uses a retired hash function for the digital signature. An authenticated attacker may be able to use it to escalate privileges to a highly privileged user or to take over the accounts of other users in the application.
Account takeover and/or privilege escalation
Change the configuration of the SAML service to require a more secure hash function for the digital signature.
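One way to verify the remediation, as an added example that is not Invicti's code: it lists the SignatureMethod and DigestMethod algorithms declared in a SAML response and flags the retired ones. It assumes "retired" means MD5 and SHA-1; the function names and the trimmed sample response are constructed for illustration.

```python
import xml.etree.ElementTree as ET

DS = "{http://www.w3.org/2000/09/xmldsig#}"
# Assumption: the page does not name the retired functions; MD5 and SHA-1 are used here.
RETIRED = {"md5", "sha1"}

def is_retired(uri):
    """True if the XML-DSig algorithm URI names a retired hash (e.g. ...#rsa-sha1)."""
    fragment = uri.rsplit("#", 1)[-1].lower()
    return any(token in RETIRED for token in fragment.split("-"))

def signature_algorithms(saml_xml):
    """Return (element name, Algorithm URI) for each SignatureMethod and DigestMethod."""
    root = ET.fromstring(saml_xml)  # use a hardened XML parser for untrusted input
    return [(tag, el.get("Algorithm", ""))
            for tag in ("SignatureMethod", "DigestMethod")
            for el in root.iter(DS + tag)]

def retired_algorithms(saml_xml):
    """Return only the declared algorithms that rely on a retired hash."""
    return [(tag, uri) for tag, uri in signature_algorithms(saml_xml) if is_retired(uri)]

# Constructed sample: a trimmed SAML response (no signature or digest values).
SAMPLE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#" ID="_constructed" Version="2.0">
  <ds:Signature><ds:SignedInfo>
    <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
    <ds:SignatureMethod Algorithm="{sig}"/>
    <ds:Reference URI="#_constructed">
      <ds:DigestMethod Algorithm="{dig}"/>
    </ds:Reference>
  </ds:SignedInfo></ds:Signature>
</samlp:Response>"""

WEAK = SAMPLE.format(sig="http://www.w3.org/2000/09/xmldsig#rsa-sha1",
                     dig="http://www.w3.org/2000/09/xmldsig#sha1")
STRONG = SAMPLE.format(sig="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256",
                       dig="http://www.w3.org/2001/04/xmlenc#sha256")

if __name__ == "__main__":
    for name, doc in (("weak", WEAK), ("strong", STRONG)):
        findings = retired_algorithms(doc)
        print(name, "->", findings if findings else "no retired hash functions declared")
```

A response that passes this check still has to be rejected by the service provider when it arrives with a weaker algorithm, so the requirement belongs in the SAML service configuration and not only in the identity provider's signing settings.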