Insufficiently Protected Credentials

SimpleSAMLphp is vulnerable to Insufficiently Protected Credentials. The vulnerability is due to credentials being insecurely saved to the user's session state when the ECP profile is disabled but supported in the Identity Provider's metadata, which could result in an attacker with administrator...

Cross-site Scripting (XSS)

SimpleSAMLphp is vulnerable to Cross-site Scripting XSS. The vulnerability is due to unvalidated metadata endpoints, allowing malicious parties to substitute URLs with JavaScript code, leading to execution of the code in the user's browser if strict Content Security Policies are not enforced...

Information Disclosure

simplesamlphp/simplesamlphp is vulnerable to Information Disclosure. The vulnerability is due to insufficient access controls on the admin interface endpoint, allowing unauthenticated users to view sensitive information about the host where SimpleSAMLphp is installed...

Open Redirect

simplesamlphp/simplesamlphp is vulnerable to Open Redirect. The vulnerability is due to improper validation of URLs in request parameters, allowing an attacker to redirect a user to a malicious site...

SimpleSAMLphp Information Disclosure vulnerability

Background SimpleSAMLphp 1.17 includes a preview of the new user interface to be included in the future version 2.0. This new user interface can be enabled by setting the usenewui configuration option to true, and it includes a new admin interface in a module called admin, which can be disabled...

GHSA-PPM4-R2VC-PG74 SimpleSAMLphp Information Disclosure vulnerability

Background SimpleSAMLphp 1.17 includes a preview of the new user interface to be included in the future version 2.0. This new user interface can be enabled by setting the usenewui configuration option to true, and it includes a new admin interface in a module called admin, which can be disabled...

GHSA-VPR3-CW3H-PRW8 SimpleSAMLphp Reflected Cross-site Scripting vulnerability

Background SimpleSAMLphp uses metadata to determine how to interact with other SAML entities. This metadata includes what’s called endpoints, which are URLs belonging to that entity where SAML messages can be sent. These URLs are used directly by SimpleSAMLphp when a message is sent, either via a...

SimpleSAMLphp Reflected Cross-site Scripting vulnerability

Background SimpleSAMLphp uses metadata to determine how to interact with other SAML entities. This metadata includes what’s called endpoints, which are URLs belonging to that entity where SAML messages can be sent. These URLs are used directly by SimpleSAMLphp when a message is sent, either via a...

SimpleSAMLphp exposes credentials in session storage

Background In order to implement support for the SAML Enhanced Client or Proxy profile, the credentials obtained for authentication were stored in the state in order to pass them to the relevant routines. This, however, led to the credentials being recorded in the user’s session, which can be...

GHSA-7WH8-JRQ7-P27F SimpleSAMLphp exposes credentials in session storage

Background In order to implement support for the SAML Enhanced Client or Proxy profile, the credentials obtained for authentication were stored in the state in order to pass them to the relevant routines. This, however, led to the credentials being recorded in the user’s session, which can be...

GHSA-V858-922F-FJ9V SimpleSAMLphp Link Injection vulnerability

Background Several scripts part of SimpleSAMLphp display a web page with links obtained from the request parameters. This allows us to enhance usability, as the users are presented with links they can follow after completing a certain action, like logging out. Description The following scripts we...

SimpleSAMLphp Link Injection vulnerability

Background Several scripts part of SimpleSAMLphp display a web page with links obtained from the request parameters. This allows us to enhance usability, as the users are presented with links they can follow after completing a certain action, like logging out. Description The following scripts we...

PT-2024-40406 · Unknown · Simplesamlphp

Name of the Vulnerable Software and Affected Versions: SimpleSAMLphp versions 1.17 up to 1.17.7 Description: The issue concerns an endpoint in the admin module of SimpleSAMLphp that exposes the output of the phpinfo PHP function, allowing any individual to access it without authenticating and...

PT-2024-40273 · Unknown · Simplesamlphp

Name of the Vulnerable Software and Affected Versions: SimpleSAMLphp versions prior to 1.14.17 Description: A signature validation bypass issue has been found in the SimpleSAML XML Validator class, which performs the verification of the XML digital signature of a SAML 1 message with a given key...

PT-2024-40484 · Unknown · Simplesamlphp

Name of the Vulnerable Software and Affected Versions: SimpleSAMLphp versions prior to 1.17.3 Description: The issue arises from SimpleSAMLphp's trust in metadata when sending SAML messages to other entities. If a malicious party alters the metadata to include JavaScript code in endpoint URLs,...

PT-2024-40468 · Unknown · Simplesamlphp

Name of the Vulnerable Software and Affected Versions: SimpleSAMLphp versions prior to 1.14.4 Description: The issue allows attackers to display links targeting a malicious website inside a trusted site running SimpleSAMLphp, due to the lack of security checks involving the link href and retryURL...

xml-security Data Forgery Issue Vulnerability

xml-security is SimpleSAMLphp open source library. xml-security version 1.6.11, saml2 5.0.0-alpha.13 version of the data forgery problem vulnerability , the vulnerability stems from the XML signature validation needs to verify that the hash value of the XML document in question matches a specific...

Improper Signature Validation

simplesamlphp/xml-security and simplesamlphp/saml2 are vulnerable to Improper Signature Validation. The vulnerability is due to a lack of proper signature validation in the validateReference method. This could lead to the forging of digital signatures...

GHSA-WW7X-3GXH-QM6R Validation of SignedInfo

Validation of an XML Signature requires verification that the hash value of the related XML-document after any optional transformations and/or normalizations matches a specific DigestValue-value, but also that the cryptografic signature on the SignedInfo-tree the one that contains the DigestValue...

Tenable Security Center 5.23.1 / 6.0.0 / 6.1.0 / 6.1.1 / 6.2.0 Multiple Vulnerabilities (TNS-2023-42)

According to its self-reported version, the Tenable Security Center running on the remote host is affected by multiple vulnerabilities as referenced in the TNS-2023-42 advisory. - Security Center leverages third-party software to help provide underlying functionality. Several of the third-party...