Apache Guacamole is a clientless remote desktop gateway from the Apache Foundation in the United States. The product supports protocols such as VNC, RDP, and SSH. A security vulnerability exists in Apache Guacamole 1.2.0 and 1.3.0, which stems from the failure of Apache Guacamole 1.2.0 and 1.3.0 to properly validate responses received from the SAML identity provider. If SAML support is enabled, this could allow a malicious user to impersonate another Guacamole user. No detailed vulnerability details are currently available.