FreeBSD : opensaml2 -- unauthenticated login (9f14cb36-b6fc-11e0-a044-445c73746d79)
Medium Nessus Plugin ID 55681
Synopsis
The remote FreeBSD host is missing a security-related update.
Description
OpenSAML developer reports:
The Shibboleth software relies on the OpenSAML libraries to perform verification of signed XML messages such as attribute queries or SAML assertions. Both the Java and C++ versions are vulnerable to a so-called 'wrapping attack' that allows a remote, unauthenticated attacker to craft specially formed messages that can be successfully verified, but contain arbitrary content.
Solution
Update the affected package.