19 matches found
EUVD-2022-4943
Malicious code in bioql PyPI...
SimpleSAMLphp Authentication context bypass in the multiauth module
The multiauth module in SimpleSAMLphp 1.14.13 and earlier allows remote attackers to bypass authentication context restrictions and use an authentication source defined in config/authsources.php via vectors related to improper validation of user input...
GHSA-QC43-78VJ-VG7P SimpleSAMLphp Authentication context bypass in the multiauth module
The multiauth module in SimpleSAMLphp 1.14.13 and earlier allows remote attackers to bypass authentication context restrictions and use an authentication source defined in config/authsources.php via vectors related to improper validation of user input...
Debian DSA-4127-1 : simplesamlphp - security update
Several vulnerabilities have been discovered in SimpleSAMLphp, a framework for authentication, primarily via the SAML protocol. - CVE-2017-12867 Attackers with access to a secret token could extend its validity period by manipulating the prepended time offset. - CVE-2017-12869 When using the...
[SECURITY] [DSA 4127-1] simplesamlphp security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4127-1 [email protected] https://www.debian.org/security/ Thijs Kinkhorst March 02, 2018 https://www.debian.org/security/faq -...
Debian DLA-1205-1 : simplesamlphp security update
The simplesamlphp package in wheezy is vulnerable to multiple attacks on authentication-related code, leading to unauthorized access and information disclosure. CVE-2017-12867 The SimpleSAMLAuthTimeLimitedToken class allows attackers with access to a secret token to extend its validity period by...
SimpleSAMLphp multiauth module authentication bypass vulnerability
SimpleSAMLphp is a set of PHP authentication applications that implement SAML 2.0 Service Provider and Identity Provider functionality . multiauth module is one of the installed authentication module . A security vulnerability exists in the multiauth module in SimpleSAMLphp 1.14.13 and earlier...
CVE-2017-12869
The multiauth module in SimpleSAMLphp 1.14.13 and earlier allows remote attackers to bypass authentication context restrictions and use an authentication source defined in config/authsources.php via vectors related to improper validation of user input...
CVE-2017-12869
The multiauth module in SimpleSAMLphp 1.14.13 and earlier allows remote attackers to bypass authentication context restrictions and use an authentication source defined in config/authsources.php via vectors related to improper validation of user input...
CVE-2017-12869
The multiauth module in SimpleSAMLphp 1.14.13 and earlier allows remote attackers to bypass authentication context restrictions and use an authentication source defined in config/authsources.php via vectors related to improper validation of user input...
UBUNTU-CVE-2017-12869
The multiauth module in SimpleSAMLphp 1.14.13 and earlier allows remote attackers to bypass authentication context restrictions and use an authentication source defined in config/authsources.php via vectors related to improper validation of user input...
CVE-2017-12869
The multiauth module in SimpleSAMLphp 1.14.13 and earlier allows remote attackers to bypass authentication context restrictions and use an authentication source defined in config/authsources.php via vectors related to improper validation of user input...
Authentication flaw
The multiauth module in SimpleSAMLphp 1.14.13 and earlier allows remote attackers to bypass authentication context restrictions and use an authentication source defined in config/authsources.php via vectors related to improper validation of user input...
DEBIAN-CVE-2017-12869
The multiauth module in SimpleSAMLphp 1.14.13 and earlier allows remote attackers to bypass authentication context restrictions and use an authentication source defined in config/authsources.php via vectors related to improper validation of user input...
CVE-2017-12869
The multiauth module in SimpleSAMLphp 1.14.13 and earlier allows remote attackers to bypass authentication context restrictions and use an authentication source defined in config/authsources.php via vectors related to improper validation of user input...
CVE-2017-12869
The multiauth module in SimpleSAMLphp 1.14.13 and earlier allows remote attackers to bypass authentication context restrictions and use an authentication source defined in config/authsources.php via vectors related to improper validation of user input...
CVE-2017-12869
CVE-2017-12869 affects SimpleSAMLphp multiauth module (1.14.13 and earlier) and allows remote attackers to bypass authentication context restrictions by using an authentication source defined in config/authsources.php due to improper input validation. Public advisories (e.g., Debian DSA-4127/DSA-...
Execution Of Arbitrary Authentication Source
SimpleSAMLphp is vulnerable to execution of arbitrary authentication source. This can happen because it does not validate the user input for choice of authentication source against a list of valid sources set by the administrator in multiauth module...
Authentication context bypass (multiauth module)
More info at https://simplesamlphp.org/security/201704-02...