Tag
xml-signature-wrapping
Safeguard articles tagged "xml-signature-wrapping" — guides, analysis, and best practices for software supply chain and application security.
2 articles
Application Security
SAML SSO vulnerabilities: signature wrapping and assertion replay explained
A 2024 ruby-saml flaw (CVE-2024-45409, CVSS 9.8) let attackers forge SAML assertions and log in as any user, including admins — seven years after the same bug class was first disclosed.
Jul 8, 20266 min read
Vulnerability Analysis
XML signature wrapping attacks explained
XML signature wrapping lets attackers forge signed SOAP and SAML messages without breaking the signature. Here's how the attack works and how to stop it.
Dec 4, 20257 min read