On Wed, Jan 12, 2022, 01:41 Jürgen Kuri <juergen.k...@ionos.com> wrote:
> El 11.01.22 a las 22:21, Mike Jumper escribió: > > Severity: high > > > > Description: > > > > Apache Guacamole 1.2.0 and 1.3.0 do not properly validate responses > > received from a SAML identity provider. If SAML support is enabled, > > this may allow a malicious user to assume the identity of another > > Guacamole user. > > > > Credit: > > > > We would like to thank Finn Steglich (ETAS) for reporting this issue. > > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: user-unsubscr...@guacamole.apache.org > > For additional commands, e-mail: user-h...@guacamole.apache.org > > > Hello, > > which component is affected here, backend (guacd) or frontend (.war) or > both? > The SAML authentication extension for the webapp. - Mike