576 matches found
CVE-2018-7644
The XmlSecLibs library as used in the saml2 library in SimpleSAMLphp before 1.15.3 incorrectly verifies signatures on SAML assertions, allowing a remote attacker to construct a crafted SAML assertion on behalf of an Identity Provider that would pass as cryptographically valid, thereby allowing th...
Type confusion
The XmlSecLibs library as used in the saml2 library in SimpleSAMLphp before 1.15.3 incorrectly verifies signatures on SAML assertions, allowing a remote attacker to construct a crafted SAML assertion on behalf of an Identity Provider that would pass as cryptographically valid, thereby allowing th...
CVE-2018-7644
The XmlSecLibs library as used in the saml2 library in SimpleSAMLphp before 1.15.3 incorrectly verifies signatures on SAML assertions, allowing a remote attacker to construct a crafted SAML assertion on behalf of an Identity Provider that would pass as cryptographically valid, thereby allowing th...
DEBIAN-CVE-2018-7644
The XmlSecLibs library as used in the saml2 library in SimpleSAMLphp before 1.15.3 incorrectly verifies signatures on SAML assertions, allowing a remote attacker to construct a crafted SAML assertion on behalf of an Identity Provider that would pass as cryptographically valid, thereby allowing th...
CVE-2018-7644
The XmlSecLibs library as used in the saml2 library in SimpleSAMLphp before 1.15.3 incorrectly verifies signatures on SAML assertions, allowing a remote attacker to construct a crafted SAML assertion on behalf of an Identity Provider that would pass as cryptographically valid, thereby allowing th...
CVE-2018-7644
The XmlSecLibs library as used in the saml2 library in SimpleSAMLphp before 1.15.3 incorrectly verifies signatures on SAML assertions, allowing a remote attacker to construct a crafted SAML assertion on behalf of an Identity Provider that would pass as cryptographically valid, thereby allowing th...
CVE-2018-7644
CVE-2018-7644 affects SimpleSAMLphp prior to 1.15.3 where XmlSecLibs used by the saml2 library incorrectly verifies SAML assertions, enabling a remote attacker to craft an assertion from an Identity Provider that passes cryptographic checks and impersonate a user from that IdP. The issue is a key...
Incorrect signature validation
More info at https://simplesamlphp.org/security/201803-01...
[SECURITY] [DLA 1297-1] simplesamlphp security update
Package : simplesamlphp Version : 1.9.2-1+deb7u3 CVE ID : CVE-2016-9814 CVE-2016-9955 Several vulnerabilities have been discovered in SimpleSAMLphp, a framework for authentication, primarily via the SAML protocol. CVE-2016-9814 & CVE-2016-9955 An incorrect check of return values in the signature...
[SECURITY] [DSA 4127-1] simplesamlphp security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4127-1 [email protected] https://www.debian.org/security/ Thijs Kinkhorst March 02, 2018 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4127-1] simplesamlphp security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4127-1 [email protected] https://www.debian.org/security/ Thijs Kinkhorst March 02, 2018 https://www.debian.org/security/faq -...
DSA-4127-1 simplesamlphp - security update
Bulletin has no description...
DLA-1298-1 simplesamlphp - security update
Bulletin has no description...
Debian: Security Advisory (DSA-4127-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Incorrect signature validation
More info at https://simplesamlphp.org/security/201802-01...
Debian: Security Advisory (DLA-1273-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] [DLA 1273-1] simplesamlphp security update
Package : simplesamlphp Version : 1.9.2-1+deb7u2 CVE ID : CVE-2017-18121 CVE-2017-18122 CVE-2018-6521 Debian Bug : 889286 simplesamlphp, an authentication and federation application has been found vulnerable to Cross Site Scripting XSS, signature validation byepass and using insecure connection...
DLA-1273-1 simplesamlphp - security update
Bulletin has no description...
Debian DLA-1273-1 : simplesamlphp security update
simplesamlphp, an authentication and federation application has been found vulnerable to Cross Site Scripting XSS, signature validation byepass and using insecure connection charset. CVE-2017-18121 A Cross Site Scripting XSS issue has been found in the consentAdmin module of SimpleSAMLphp through...
SimpleSAML php Signature Validation Bypass Vulnerability
SimpleSAMLphp is a set of PHP authentication applications that implement the SAML 2.0 service provider and identity provider features . A signature verification bypass vulnerability exists in the SimpleSAMLXMLValidator class in SimpleSAMLphp 1.14.16 and earlier versions using SAML 1.1. An attacke...