The SimpleSAML_Auth_TimeLimitedToken class in SimpleSAMLphp 1.14.14 and earlier allows attackers with access to a secret token to extend its validity period by manipulating the prepended time offset.
CPE | Name | Operator | Version |
---|---|---|---|
simplesamlphp | le | 1.14.14 |