Summary

Acunetix 360 detected that the target application accepts SAML Responses without checking their signature (No SAML Response Signature Check).

The web application uses SAML for authentication. Its Assertion Consumer Service (ACS) accepts a SAML Response without verifying the XML signature over the Response or its Assertion. That signature is the only thing binding the asserted identity and attributes to the identity provider, so an attacker who is authenticated with their own account can capture the SAML Response issued to them, strip or ignore the signature, rewrite the NameID or role attributes, and submit the result to the ACS to escalate privileges to a high-privileged user or to take over the accounts of other users of the application.

Impact

Account takeover and/or privilege escalation.

Remediation

Configure the SAML service provider to reject any SAML Response whose Response or Assertion does not carry a valid signature from the identity provider. Validate the signature against the IdP certificate held in the service provider's own configuration or metadata, never against a certificate embedded in the message, and make sure the signed element is the same one from which the NameID and attributes are read.
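The following added example is not Acunetix code and not the application's code. It shows, in Python, a minimal Assertion Consumer Service that takes whatever NameID the message carries, beside one that enforces the check described above, and the probe a scanner uses to tell them apart: strip every ds:Signature, rewrite the NameID, and see whether a session is issued for the chosen user. Assumptions: the IdP signature is an HMAC-SHA256 stand-in for the real XMLDSig signature so that the block runs on the standard library alone (Python 3.8+ for ET.canonicalize); the key IDP_KEY, the function names and the sample Response are all constructed here. A real service provider must verify the XMLDSig signature with an XML-signature library and the IdP certificate from its own configuration, but the shape of the check is the same: require a signature, confirm that it covers the assertion the identity is read from, verify it, then verify the digest of that assertion's content.

```python
# Added example (not Acunetix or application code): a SAML ACS with and
# without the signature check. The signature is an HMAC-SHA256 stand-in
# (assumption) for the IdP's XMLDSig signature; use a real XML-signature
# library in production. Requires Python 3.8+ (ET.canonicalize).
import base64
import hashlib
import hmac
import xml.etree.ElementTree as ET

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
DS = "http://www.w3.org/2000/09/xmldsig#"
for prefix, uri in (("samlp", SAMLP), ("saml", SAML), ("ds", DS)):
    ET.register_namespace(prefix, uri)

# Constructed key: stands in for the IdP signing certificate, which the SP
# must take from its own configuration/metadata, never from the message.
IDP_KEY = b"constructed-idp-signing-key"


def c14n(elem):
    """Canonical serialization: whitespace/attribute order cannot change a digest."""
    return ET.canonicalize(ET.tostring(elem, encoding="unicode")).encode()


def b64(data):
    return base64.b64encode(data).decode()


def idp_issue(name_id, assertion_id="_a1"):
    """Constructed IdP: a Response whose Assertion carries an enveloped signature."""
    root = ET.Element(f"{{{SAMLP}}}Response", {"ID": "_r1", "Version": "2.0"})
    assertion = ET.SubElement(root, f"{{{SAML}}}Assertion",
                              {"ID": assertion_id, "Version": "2.0"})
    ET.SubElement(assertion, f"{{{SAML}}}Issuer").text = "https://idp.example"
    subject = ET.SubElement(assertion, f"{{{SAML}}}Subject")
    ET.SubElement(subject, f"{{{SAML}}}NameID").text = name_id
    digest = hashlib.sha256(c14n(assertion)).digest()  # assertion without its Signature
    sig = ET.Element(f"{{{DS}}}Signature")
    signed_info = ET.SubElement(sig, f"{{{DS}}}SignedInfo")
    ref = ET.SubElement(signed_info, f"{{{DS}}}Reference", {"URI": "#" + assertion_id})
    ET.SubElement(ref, f"{{{DS}}}DigestValue").text = b64(digest)
    mac = hmac.new(IDP_KEY, c14n(signed_info), hashlib.sha256).digest()
    ET.SubElement(sig, f"{{{DS}}}SignatureValue").text = b64(mac)
    assertion.insert(1, sig)  # schema order: Issuer, Signature, Subject
    return b64(ET.tostring(root))


def vulnerable_acs(saml_response_b64):
    """The finding on this page: identity taken from the message, signature ignored."""
    root = ET.fromstring(base64.b64decode(saml_response_b64))
    return root.find(f".//{{{SAML}}}NameID").text


def hardened_acs(saml_response_b64):
    """Accepts a single Assertion whose signature verifies; raises ValueError otherwise."""
    root = ET.fromstring(base64.b64decode(saml_response_b64))
    assertions = root.findall(f"{{{SAML}}}Assertion")
    if len(assertions) != 1:
        raise ValueError("expected exactly one Assertion")
    assertion = assertions[0]
    sig = assertion.find(f"{{{DS}}}Signature")
    if sig is None:
        raise ValueError("Assertion is not signed")
    signed_info = sig.find(f"{{{DS}}}SignedInfo")
    ref = signed_info.find(f"{{{DS}}}Reference") if signed_info is not None else None
    if ref is None:
        raise ValueError("malformed Signature")
    # The Reference must point at the very element the NameID is read from, so a
    # validly signed assertion cannot serve as cover for an unsigned one.
    if ref.get("URI") != "#" + assertion.get("ID", ""):
        raise ValueError("Signature does not cover this Assertion")
    expected_mac = hmac.new(IDP_KEY, c14n(signed_info), hashlib.sha256).digest()
    given_mac = base64.b64decode(sig.findtext(f"{{{DS}}}SignatureValue") or "")
    if not hmac.compare_digest(expected_mac, given_mac):
        raise ValueError("SignatureValue does not verify under the configured IdP key")
    assertion.remove(sig)  # enveloped signature: digest covers the assertion minus Signature
    digest = hashlib.sha256(c14n(assertion)).digest()
    given_digest = base64.b64decode(ref.findtext(f"{{{DS}}}DigestValue") or "")
    if not hmac.compare_digest(digest, given_digest):
        raise ValueError("Assertion content does not match the signed DigestValue")
    return assertion.find(f".//{{{SAML}}}NameID").text


def forge(legit_b64, victim, strip_signature=True):
    """Attacker/scanner step: rewrite the NameID, optionally dropping every ds:Signature."""
    root = ET.fromstring(base64.b64decode(legit_b64))
    if strip_signature:
        for parent in list(root.iter()):
            for sig in parent.findall(f"{{{DS}}}Signature"):
                parent.remove(sig)
    root.find(f".//{{{SAML}}}NameID").text = victim
    return b64(ET.tostring(root))


def is_vulnerable(acs, legit_b64, victim="admin", strip_signature=True):
    """True when the ACS logs the forged message in as the victim."""
    try:
        return acs(forge(legit_b64, victim, strip_signature)) == victim
    except ValueError:
        return False
```

Run it with `legit = idp_issue("alice")` standing in for a Response captured for the attacker's own account: `is_vulnerable(vulnerable_acs, legit)` is True because the unsigned, rewritten message is accepted as "admin", while `is_vulnerable(hardened_acs, legit)` is False. Passing `strip_signature=False` shows the second failure mode the hardened ACS must also catch: the signature is left in place but the NameID is changed, and the digest check rejects it.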

Severity

High

Classification

CWE-16 ISO27001-a.14.2.5 WASC-15 OWASP 2013-A5 OWASP 2017-A6 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N