SSA-638652 V1.0: Authentication Bypass Vulnerability in Mendix SAML Module
Siemens ProductCERT Security Advisories cert-portal.siemens.com
The Mendix SAML module insufficiently protects against packet capture replay. This could allow unauthorized remote attackers to bypass authentication and gain access to the application.
Mendix has provided fix releases for the Mendix SAML module and recommends updating to the latest version.
Note: For compatibility reasons, the fix versions still contain this issue, but only when the non-default, not recommended configuration option 'Allow Idp Initiated Authentication' is enabled.