Description
An authentication bypass vulnerability exists in OpenAM.
Even in a configuration that requires an additional authentication factor such as OTP, it is possible for a malicious user to bypass it and be authenticated only by providing his/her User ID and Password.
This vulnerability is applicable only when OpenAM is configured as a SAML 2.0 IdP that switches authentication methods based on a received authentication context.
Reference