7 matches found
GHSA-GP2M-7CFP-H6GF Incorrect persistent NameID generation in SimpleSAMLphp
Background When a SimpleSAMLphp Identity Provider is misconfigured, a bug in the software when trying to build a persistent NameID to univocally identify the authenticating subject could cause different users to get the same identifier generated, depending on the attributes available for them rig...
Incorrect persistent NameID generation in SimpleSAMLphp
Background When a SimpleSAMLphp Identity Provider is misconfigured, a bug in the software when trying to build a persistent NameID to univocally identify the authenticating subject could cause different users to get the same identifier generated, depending on the attributes available for them rig...
CVE-2017-12873
SimpleSAMLphp 1.7.0 through 1.14.10 might allow attackers to obtain sensitive information, gain unauthorized access, or have unspecified other impacts by leveraging incorrect persistent NameID generation when an Identity Provider IdP is misconfigured...
Code injection
SimpleSAMLphp 1.7.0 through 1.14.10 might allow attackers to obtain sensitive information, gain unauthorized access, or have unspecified other impacts by leveraging incorrect persistent NameID generation when an Identity Provider IdP is misconfigured...
CVE-2017-12873
SimpleSAMLphp 1.7.0 through 1.14.10 might allow attackers to obtain sensitive information, gain unauthorized access, or have unspecified other impacts by leveraging incorrect persistent NameID generation when an Identity Provider IdP is misconfigured...
CVE-2017-12873
SimpleSAMLphp 1.7.0–1.14.10 is affected by CVE-2017-12873 due to an incorrect persistent NameID generation when an Identity Provider (IdP) is misconfigured. This could allow attackers to obtain sensitive information or gain unauthorized access, depending on deployment specifics. The vulnerability...
Incorrect persistent NameID generation
More info at https://simplesamlphp.org/security/201612-04...