Knowledge Base

Support Policies

SAML Vulnerability Disclosed by Duo (VU#475445)


On February 27, 2018, Duo disclosed a SAML vulnerability that could allow an attacker to authenticate as a different user.



After an internal security review, SecureAuth + Core Security can confirm no versions of SecureAuth or Core Security SAML products are affected by the SAML XML canonicalization and DOM traversal vulnerability (VU#475445). No action is required.


For any questions, please contact SecureAuth Support. You can also read more about this topic on our blog.

Have more questions? Submit a request


Please sign in to leave a comment.