Anyone know whether or not BigFix SAML is affected by the just-announced OpenSAML vulnerability? Our ITSO is considering this a “patch/remediate NOW” situation and I’m not sure where or whether to look for anything in BigFix. /cc @JasonWalker
(also posted to Slack)
Okay… it appears that this may be specifically related to the Shibboleth implementation of SAML and not SAML in general. However, I’ve also heard that Ruby SAML also had a security vulnerability, so there may be some relevant code-sharing between implementations.
(We’re currently in the middle of a Shib/SAML Zoom war room…)
1 Like