Harsh Jaiswal

GitHub Enterprise SAML Authentication Bypass (CVE-2024-4985 / CVE-2024-9487) — ProjectDiscovery Blog Introduction In light of the recent Ruby-SAML bypass discovered in GitLab, we set out to examine the SAML implementation within GitHub Enterprise. During our research, we identified a significant vul...

First post here! GitHub Enterprise SAML Authentication Bypass (CVE-2024-4985 / CVE-2024-9487)

We dive into GitHub Enterprise’s SAML implementation and explore an authentication bypass in encrypted assertion mode.

projectdiscovery.io/blog/github-...