CVE-2017-12867

The SimpleSAMLAuthTimeLimitedToken class in SimpleSAMLphp 1.14.14 and earlier allows attackers with access to a secret token to extend its validity period by manipulating the prepended time offset...

UBUNTU-CVE-2017-12867

The SimpleSAMLAuthTimeLimitedToken class in SimpleSAMLphp 1.14.14 and earlier allows attackers with access to a secret token to extend its validity period by manipulating the prepended time offset...

CVE-2017-12867

The SimpleSAMLAuthTimeLimitedToken class in SimpleSAMLphp 1.14.14 and earlier allows attackers with access to a secret token to extend its validity period by manipulating the prepended time offset...

CVE-2017-12867

The SimpleSAMLAuthTimeLimitedToken class in SimpleSAMLphp 1.14.14 and earlier allows attackers with access to a secret token to extend its validity period by manipulating the prepended time offset...

Design/Logic Flaw

The SimpleSAMLAuthTimeLimitedToken class in SimpleSAMLphp 1.14.14 and earlier allows attackers with access to a secret token to extend its validity period by manipulating the prepended time offset...

DEBIAN-CVE-2017-12867

The SimpleSAMLAuthTimeLimitedToken class in SimpleSAMLphp 1.14.14 and earlier allows attackers with access to a secret token to extend its validity period by manipulating the prepended time offset...

CVE-2017-12867

CVE-2017-12867 affects SimpleSAMLphp 1.14.14 and earlier where an attacker with access to a secret token can extend the token’s validity by manipulating the prepended time offset. The connected advisories confirm this vulnerability in multiple Debian releases and note that patches were released (...

CVE-2017-12867

The SimpleSAMLAuthTimeLimitedToken class in SimpleSAMLphp 1.14.14 and earlier allows attackers with access to a secret token to extend its validity period by manipulating the prepended time offset...

CVE-2017-12867

The SimpleSAMLAuthTimeLimitedToken class in SimpleSAMLphp 1.14.14 and earlier allows attackers with access to a secret token to extend its validity period by manipulating the prepended time offset...

Cross Site Scripting (XSS) in the consentAdmin module

More info at https://simplesamlphp.org/security/201709-01...

Padding Oracle Attack

simplesamlphp is vulnerable to padding oracle attacks. The library does not authenticate the ciphertext, allowing a malicious user listening in on the network to conduct a padding oracle attack to recover the identifier and try impersonating the user...

Authentication Bypass

simplesamlphp is vulnerable to authentication bypass. When the IdP is incorrectly configured it is possible for multiple users to be assigned a null value as a NameID, allowing a malicious user to authenticate themselves to another user's account...

Timing Attack

simplesamlphp is vulnerable to timing attacks. The library does not compare cookies in constant time, allowing malicious users to guess the valid cookies based on the time that a comparison takes...

Unauthorized Extension Of Token Validity

simplesamlphp is vulnerable to having a token's validity period extended by an unauthorized party. The vulnerability is possible because there is a flaw in the calculateTokenValue function in TimeLimitedToken.php. The flaw allows an attacker to extend the prepended offset as much as needed to hit...

Execution Of Arbitrary Authentication Source

SimpleSAMLphp is vulnerable to execution of arbitrary authentication source. This can happen because it does not validate the user input for choice of authentication source against a list of valid sources set by the administrator in multiauth module...

Denial Of Service (DoS)

simplesamlphp/saml2 is vulnerable to denial of service DoS attacks and spoofed SAML responses. It mishandles the conversion of return values to boolean which allows attackers to perform these attacks...

Security Bypass Via Signature Spoofing

simplesamlphp is vulnerable to security bypass via signature spoofing attacks. The attacks are possible because the SimpleSAMLXMLValidator incorrectly checks the return values in the signature validation, thereby allowing an attacker to spoof an invalid signature as valid. This flaw can also lead...

Authentication context bypass (multiauth module)

More info at https://simplesamlphp.org/security/201704-02...

Session fixation and authentication bypass (authcrypt module)

More info at https://simplesamlphp.org/security/201705-01...

Unauthenticated encryption in CBC mode

More info at https://simplesamlphp.org/security/201704-01...