
9 matches found

NVD
added 2021/06/02 1:15 p.m., 12 views

CVE-2020-14380

An account takeover flaw was found in Red Hat Satellite 6.7.2 onward. A potential attacker with proper authentication to the relevant external authentication source SSO or Open ID can claim the privileges of already existing local users of Satellite...

CVSS 7.5 | EPSS 0.00319
Exploits: 0 | References: 1
Cvelist
added 2021/06/02 12:27 p.m., 20 views

CVE-2020-14380

An account takeover flaw was found in Red Hat Satellite 6.7.2 onward. A potential attacker with proper authentication to the relevant external authentication source SSO or Open ID can claim the privileges of already existing local users of Satellite...

AI score 7.5 | EPSS 0.00319
Exploits: 0 | References: 1
Debian
added 2018/06/29 9:05 p.m., 23 views

[SECURITY] [DLA 1408-1] simplesamlphp security update

Package: simplesamlphp
Version: 1.13.1-2+deb8u2
CVE ID: CVE-2017-12868 CVE-2017-12872

CVE-2017-12872 / CVE-2017-12868: The (1) Htpasswd authentication source in the authcrypt module and (2) SimpleSAML_Session class in SimpleSAMLphp 1.14.11 and earlier allow remote attackers to conduct timing...

CVSS 9.8 | AI score 8.2 | EPSS 0.00764
Exploits: 0
Tenable Nessus
added 2017/12/13 12:00 a.m., 34 views

Debian DLA-1205-1 : simplesamlphp security update

The simplesamlphp package in wheezy is vulnerable to multiple attacks on authentication-related code, leading to unauthorized access and information disclosure.

CVE-2017-12867: The SimpleSAML_Auth_TimeLimitedToken class allows attackers with access to a secret token to extend its validity period by...

CVSS 9.8 | AI score 7.1 | EPSS 0.00764
Exploits: 0 | References: 8
UbuntuCve
added 2017/09/01 9:29 p.m., 21 views

CVE-2017-12872

The (1) Htpasswd authentication source in the authcrypt module and (2) SimpleSAML_Session class in SimpleSAMLphp 1.14.11 and earlier allow remote attackers to conduct timing side-channel attacks by leveraging use of the standard comparison operator to compare secret material against user input...

CVSS 5.9 | AI score 6.6 | EPSS 0.00404
Exploits: 0 | References: 2
CVE
added 2017/09/01 9:00 p.m., 62 views

CVE-2017-12872

CVE-2017-12872 affects SimpleSAMLphp (

CVSS 5.9 | AI score 5.9 | EPSS 0.00404
Exploits: 0 | References: 3 | Affected Software: 1
Prion
added 2017/09/01 1:29 p.m., 13 views

Authentication flaw

The multiauth module in SimpleSAMLphp 1.14.13 and earlier allows remote attackers to bypass authentication context restrictions and use an authentication source defined in config/authsources.php via vectors related to improper validation of user input...

CVSS 5 | AI score 7.5 | EPSS 0.00418
Exploits: 0 | References: 3 | Affected Software: 2
Cvelist
added 2017/09/01 1:00 p.m., 18 views

CVE-2017-12869

The multiauth module in SimpleSAMLphp 1.14.13 and earlier allows remote attackers to bypass authentication context restrictions and use an authentication source defined in config/authsources.php via vectors related to improper validation of user input...

AI score 8.5 | EPSS 0.00418
Exploits: 0 | References: 3
Veracode
added 2017/08/21 8:37 a.m., 19 views

Execution Of Arbitrary Authentication Source

SimpleSAMLphp is vulnerable to execution of an arbitrary authentication source. This can happen because the multiauth module does not validate the user's choice of authentication source against the list of valid sources set by the administrator...

CVSS 7.5 | AI score 8.2 | EPSS 0.00418
Exploits: 0 | References: 6 | Affected Software: 1