2 Videos for SAML: CVE-2021-21239

Tier: PRO. Difficulty: Medium. Estimated time: 2-4 Hrs.
CVE-2021-21239: Introduction (video available with PentesterLab PRO)

In this video, we introduce the CVE-2021-21239 challenge as part of the authentication and authorization badge. We discuss the structure of a SAML Response, how the assertion is signed with XML Signature, and the vulnerability: the attacker embeds their own public key in the signature's KeyInfo element, and the verifier uses that embedded key instead of the IdP certificate it was configured to trust, so a response re-signed by the attacker is accepted.

Duration: 05:26. Views: 294.

 

CVE-2021-21239: Exploitation (video available with PentesterLab PRO; contains spoilers)

In this video, we explore the exploitation of CVE-2021-21239, a vulnerability in PySAML2's use of the xmlsec1 backend. By default, xmlsec1 accepts whatever key material it finds inside the document's KeyInfo element (for example an RSA KeyValue) rather than restricting verification to the IdP certificate configured for the service provider. An attacker can therefore modify the SAML response, sign it with an RSA key they control, embed that key in KeyInfo, and be logged in as any user.

Duration: 07:13. Views: 457.
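To make the trust decision behind both videos concrete, here is an added Python example; it is not PentesterLab's code and not PySAML2's. It models the bug only: XML Signature is reduced to a textbook RSA signature over the serialized bytes of the <saml:Assertion> (no SignedInfo, canonicalization or padding), the IdP and attacker keys are constructed from fixed Mersenne primes, and every function and element name below is my own choice. A service provider that takes the verification key from the response's <ds:KeyInfo> (the xmlsec1 default that pysaml2 relied on) accepts the forged assertion; one that pins the IdP's configured modulus rejects it.

```python
"""Toy model of the CVE-2021-21239 key-confusion bug (added example).

Real XML-DSig signs a canonicalised <ds:SignedInfo>; here the RSA signature is
computed directly over SHA-256(assertion bytes) with unpadded textbook RSA so
that the XML handling stays short. Only the trust decision is being shown.
"""
import copy
import hashlib
import xml.etree.ElementTree as ET

SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
DS = "http://www.w3.org/2000/09/xmldsig#"
for prefix, uri in (("saml", SAML), ("samlp", SAMLP), ("ds", DS)):
    ET.register_namespace(prefix, uri)

E = 65537  # public exponent shared by both toy keys


def make_key(p, q):
    """Textbook RSA key from two fixed primes (chosen so that n > 2**256)."""
    return {"n": p * q, "d": pow(E, -1, (p - 1) * (q - 1))}


# Constructed keys: the IdP key the SP has pinned, and one the attacker generated.
IDP_KEY = make_key(2**521 - 1, 2**127 - 1)
ATTACKER_KEY = make_key(2**607 - 1, 2**89 - 1)


def assertion_bytes(assertion):
    """Serialise the assertion with its <ds:Signature> removed (stand-in for c14n)."""
    a = copy.deepcopy(assertion)
    for sig in a.findall(f"{{{DS}}}Signature"):
        a.remove(sig)
    return ET.tostring(a)


def rsa_sign(key, data):
    h = int.from_bytes(hashlib.sha256(data).digest(), "big")
    return pow(h, key["d"], key["n"])


def rsa_verify(n, sig, data):
    h = int.from_bytes(hashlib.sha256(data).digest(), "big")
    return pow(sig, E, n) == h


def sign_assertion(assertion, key):
    """Append a <ds:Signature> whose KeyInfo carries the signing key's own modulus."""
    sig = rsa_sign(key, assertion_bytes(assertion))
    s = ET.SubElement(assertion, f"{{{DS}}}Signature")
    ET.SubElement(s, f"{{{DS}}}SignatureValue").text = format(sig, "x")
    key_info = ET.SubElement(s, f"{{{DS}}}KeyInfo")
    rsa = ET.SubElement(ET.SubElement(key_info, f"{{{DS}}}KeyValue"), f"{{{DS}}}RSAKeyValue")
    ET.SubElement(rsa, f"{{{DS}}}Modulus").text = format(key["n"], "x")
    ET.SubElement(rsa, f"{{{DS}}}Exponent").text = format(E, "x")


def build_response(name_id, key):
    """IdP side: a minimal SAML Response carrying one signed Assertion (constructed)."""
    resp = ET.Element(f"{{{SAMLP}}}Response")
    assertion = ET.SubElement(resp, f"{{{SAML}}}Assertion", ID="_a1")
    ET.SubElement(assertion, f"{{{SAML}}}Issuer").text = "https://idp.example"
    subject = ET.SubElement(assertion, f"{{{SAML}}}Subject")
    ET.SubElement(subject, f"{{{SAML}}}NameID").text = name_id
    sign_assertion(assertion, key)
    return ET.tostring(resp)


def forge_response(response, attacker_key, new_name_id):
    """Attacker: rewrite NameID, drop the IdP signature, re-sign with own key."""
    resp = ET.fromstring(response)
    assertion = resp.find(f"{{{SAML}}}Assertion")
    assertion.find(f"{{{SAML}}}Subject/{{{SAML}}}NameID").text = new_name_id
    for sig in assertion.findall(f"{{{DS}}}Signature"):
        assertion.remove(sig)
    sign_assertion(assertion, attacker_key)
    return ET.tostring(resp)


def verify_response(response, trusted_n, trust_embedded_key):
    """SP side: return the asserted NameID if the signature is accepted, else None.

    trust_embedded_key=True uses whatever modulus sits in <ds:KeyInfo>, which is
    what xmlsec1 does by default (the CVE-2021-21239 behaviour); False pins the
    IdP modulus from the SP's configuration, which is the fixed behaviour.
    """
    resp = ET.fromstring(response)
    assertion = resp.find(f"{{{SAML}}}Assertion")
    sig = assertion.find(f"{{{DS}}}Signature")
    sig_value = int(sig.find(f"{{{DS}}}SignatureValue").text, 16)
    n = int(sig.find(f".//{{{DS}}}Modulus").text, 16) if trust_embedded_key else trusted_n
    if not rsa_verify(n, sig_value, assertion_bytes(assertion)):
        return None
    return assertion.find(f"{{{SAML}}}Subject/{{{SAML}}}NameID").text


if __name__ == "__main__":
    legit = build_response("alice", IDP_KEY)
    forged = forge_response(legit, ATTACKER_KEY, "admin")
    print("vulnerable SP, forged response:", verify_response(forged, IDP_KEY["n"], True))
    print("fixed SP, forged response:     ", verify_response(forged, IDP_KEY["n"], False))
    print("fixed SP, genuine response:    ", verify_response(legit, IDP_KEY["n"], False))
```

The `trust_embedded_key=True` branch is the whole bug: the signature is mathematically valid, just not under a key the SP ever agreed to trust, so checking the signature without checking where the key came from proves nothing. In the real fix (pysaml2 6.5.0) the xmlsec1 invocation is restricted with `--enabled-key-data raw-x509-cert` so that only the configured certificate is used for verification and key material inside the document is ignored.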