4 matches found
Linux Distros Unpatched Vulnerability : CVE-2017-12872
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The 1 Htpasswd authentication source in the authcrypt module and 2 SimpleSAMLSession class in SimpleSAMLphp 1.14.11 and earlier allow remote attackers to conduc...
SimpleSAMLphp authcrypt module timed side channel attack vulnerability
SimpleSAMLphp is a PHP authentication application that implements the SAML2.0 service provider and identity provider functionality . A timing side channel attack vulnerability exists in the authcrypt module in SimpleSAMLphp 1.14.11 and earlier versions, which can be exploited by an attacker who...
CVE-2017-12872
The 1 Htpasswd authentication source in the authcrypt module and 2 SimpleSAMLSession class in SimpleSAMLphp 1.14.11 and earlier allow remote attackers to conduct timing side-channel attacks by leveraging use of the standard comparison operator to compare secret material against user input...
Input validation
The 1 Htpasswd authentication source in the authcrypt module and 2 SimpleSAMLSession class in SimpleSAMLphp 1.14.11 and earlier allow remote attackers to conduct timing side-channel attacks by leveraging use of the standard comparison operator to compare secret material against user input...