CVE-2017-12871
The CVE-2017-12871 issue affects SimpleSAMLphp (1.14.x–1.14.11) in the aesEncrypt method located at lib/SimpleSAML/Utils/Crypto.php. The root cause is using the first 16 bytes of the secret key as the initialization vector (IV), which enables context-dependent attackers to bypass the encryption p...