Full title: FusionAuth SAMLv2 0.2.3 Message Forging Vulnerability
Category: local exploits
Platform: java

Unauthenticated users can send forged messages to FusionAuth to bypass authentication, impersonate other users or gain arbitrary roles. The SAML message can be sent to the application without a signature even if a signature is required. The impact depends on the individual applications that implement fusionauth-samlv2. Version 0.2.3 is vulnerable.

# 0day.today @ http://0day.today/
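An application that consumes SAML messages can enforce the signature requirement itself, before reading any claims. The following is an added example, not code from fusionauth-samlv2 or from this advisory: a fail-closed gate that rejects an unsigned message whenever a signature is required. The class, method and enum names are hypothetical and the sample message is constructed.

```java
import java.io.StringReader;
import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
import org.xml.sax.InputSource;

// Hypothetical helper for illustration; not part of fusionauth-samlv2.
public class SamlSignatureGate {
  static final String DSIG = "http://www.w3.org/2000/09/xmldsig#";
  static final String SAML = "urn:oasis:names:tc:SAML:2.0:assertion";
  enum Decision { VERIFY_SIGNATURE, ACCEPT_UNSIGNED, REJECT_UNSIGNED }

  // Decide what to do with a message before any claims are read from it.
  static Decision gate(String xml, boolean signatureRequired) throws Exception {
    DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
    f.setNamespaceAware(true);
    f.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
    f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
    Element response = f.newDocumentBuilder()
        .parse(new InputSource(new StringReader(xml))).getDocumentElement();
    boolean signed = hasChild(response, DSIG, "Signature");
    // A signature on an Assertion that is a direct child of the Response also counts.
    for (Node n = response.getFirstChild(); n != null; n = n.getNextSibling()) {
      if (isElement(n, SAML, "Assertion") && hasChild((Element) n, DSIG, "Signature")) signed = true;
    }
    if (signed) return Decision.VERIFY_SIGNATURE;
    return signatureRequired ? Decision.REJECT_UNSIGNED : Decision.ACCEPT_UNSIGNED;
  }

  static boolean isElement(Node n, String ns, String local) {
    return n.getNodeType() == Node.ELEMENT_NODE
        && ns.equals(n.getNamespaceURI()) && local.equals(n.getLocalName());
  }

  static boolean hasChild(Element parent, String ns, String local) {
    for (Node n = parent.getFirstChild(); n != null; n = n.getNextSibling()) {
      if (isElement(n, ns, local)) return true;
    }
    return false;
  }

  public static void main(String[] args) throws Exception {
    // Constructed sample: a Response with an Assertion and no ds:Signature anywhere.
    String unsigned = "<samlp:Response xmlns:samlp='urn:oasis:names:tc:SAML:2.0:protocol'"
        + " xmlns:saml='" + SAML + "'><saml:Assertion/></samlp:Response>";
    System.out.println(gate(unsigned, true));
    System.out.println(gate(unsigned, false));
  }
}
```

`VERIFY_SIGNATURE` only means a signature element is present where one is expected; it still has to be validated cryptographically against the identity provider's key, and claims should be read only from the element that signature covers.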