6.5 Medium
AI Score
Confidence
Low
0.001 Low
EPSS
Percentile
51.0%
The SimpleSAML_Auth_TimeLimitedToken class in SimpleSAMLphp 1.14.14 and earlier allows attackers with access to a secret token to extend its validity period by manipulating the prepended time offset.
lists.debian.org/debian-lts-announce/2017/12/msg00007.html
simplesamlphp.org/security/201708-01
www.debian.org/security/2018/dsa-4127