a good thing!
Ping Products Aren't Affected by New SAML Vulnerability
Virtually every day, we hear something new about the vulnerabilities and attacks on enterprise cybersecurity initiatives. The latest issue has many organizations on alert. The risk lies in how multiple SAML open-source libraries are allowing authentication to be bypassed due to incorrect parsing of SAML assertions. This is a result of improper XML canonicalization.
Ping Identity is happy to inform you that our products aren’t affected by this vulnerability, and we don’t integrate with—nor do we ship—any of the affected libraries listed in the Vulnerability Note VU#475445 published by CERT.
To protect your organization, we highly encourage customers to review their use of open-source libraries, especially those listed in the Vulnerability Note. Where SAML products are used, don’t hesitate to challenge your vendors to confirm that their products haven’t been affected by this vulnerability.