### Summary

An authentication bypass vulnerability exists due to a flaw in the libxml2 canonicalization process, which is used by [xmlseclibs](https://github.com/robrichards/xmlseclibs) during document transformation. This weakness allows an attacker to generate a valid signature once and reuse it indefinitely. In practice, a signature created during a previous interaction - or through a misconfigured authentication flow - can be replayed to bypass authentication checks.

### Details

When libxml2’s canonicalization is invoked on an invalid XML input, it may return an empty string rather than a…
GHSA-c4cc-x928-vjw9: robrichards/xmlseclibs has a Libxml2 Canonicalization error which can bypass Digest/Signature validation
robrichards/xmlseclibs has a Libxml2 Canonicalization error allowing signature replay attacks to bypass authentication.