Hi Mark We don't believe we are vulnerable to XML signature wrapping (XSW) attacks. One of the authors of the original On Breaking SAML paper contacted us in 2012 and shortly afterwards we provided an update which prevents this type of attack.
Regards ComponentSpace Development
|