2 matches found
Debian Security Advisory DSA 2330-1 (simplesamlphp)
The remote host is missing an update to simplesamlphp announced via advisory DSA 2330-1. OpenVAS Vulnerability Test $Id: deb23301.nasl 8970 2018-02-27 15:16:18Z cfischer $ Description: Auto-generated from advisory DSA 2330-1 simplesamlphp Authors: Thomas Reinke Copyright: Copyright c 2012 E-Soft...
Debian DSA-2330-1 : simplesamlphp - XML encryption weakness
Issues were found in the handling of XML encryption in simpleSAMLphp, an application for federated authentication. The following two issues have been addressed : It may be possible to use an SP as an oracle to decrypt encrypted messages sent to that SP. It may be possible to use the SP as a key...