litesaml/lightsaml is vulnerable to Use of a Broken or Risky Cryptographic Algorithm
37
Low Risk
litesaml/lightsaml defaults to the SHA1 algorithm when signing outbound SAML messages, both in KeyHelper::createPrivateKey() and in the SignatureWriter digest algorithm. Messages such as AuthnRequest and SAML responses are therefore signed with a deprecated, collision-prone hash unless the caller explicitly selects a stronger algorithm. This weakens the integrity guarantees of the XML signatures the library produces and lets them be accepted by relying parties that still trust SHA1. The fix changes the default signing and digest algorithm to SHA256.
You are affected if you are using a version that falls within the vulnerable range and you rely on the library's default algorithm to sign outbound SAML messages.
litesaml/lightsaml is vulnerable to Use of a Broken or Risky Cryptographic Algorithm in versions 0.1.0 - 4.6.1.
Upgrade the litesaml/lightsaml library to the patch version.
Connect your repositories to instantly see whether vulnerable or malicious packages exist in your codebase.
Free. No credit card required.

SOC 2Compliant
ISO 27001Compliant