IBM Tivoli Federated Identity Manager XML Signature Validation Bypass
Medium Nessus Plugin ID 70126
Synopsis: The remote host has an application installed that is affected by a signature validation bypass vulnerability.
Description: The version of IBM Tivoli Federated Identity Manager installed on the remote Windows host is affected by a signature validation bypass vulnerability due to improper validation of XML signatures related to certain single sign-on protocols and token modules. A remote, unauthenticated attacker can exploit this, via a specially crafted message, to perform actions as another user.
Solution: Upgrade to Tivoli Federated Identity Manager 22.214.171.124 / 126.96.36.199 / 188.8.131.52 / 184.108.40.206 or later.