The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.

Computer vulnerabilities of OpenSAML-J

OpenSAML Java: incomplete certificate validation
An attacker can use any valid certificate on a malicious server, and then invite an Apache HttpClient 3 to connect there, in order to spy communications even if encryption is used...
5695611, 5695629, 5695653, 5695851, 964764, CVE-2014-3603, FEDORA-2015-10175, FEDORA-2015-10235, VIGILANCE-VUL-17608
OpenSAML Java: invalid trust by MetadataPKIX
An attacker with a certificate provided by one of the Trust Anchors indicated in shibmd:KeyAuthority can impersonate the identity of an entity, in order to escalate his privileges on an application using OpenSAML Java...
VIGILANCE-VUL-16270
OpenSAML Java: incomplete certificate validation
An attacker can use any valid certificate on a malicious server, and then invite an OpenSAML Java to connect there, in order to spy communications even if encryption is used...
CVE-2014-3607, VIGILANCE-VUL-15388
Our database contains other pages. You can request a free trial to read them.

Display information about OpenSAML-J: