2 matches found
GHSA-GP2M-7CFP-H6GF Incorrect persistent NameID generation in SimpleSAMLphp
Background When a SimpleSAMLphp Identity Provider is misconfigured, a bug in the software when trying to build a persistent NameID to univocally identify the authenticating subject could cause different users to get the same identifier generated, depending on the attributes available for them rig...
DEBIAN-CVE-2017-12873
SimpleSAMLphp 1.7.0 through 1.14.10 might allow attackers to obtain sensitive information, gain unauthorized access, or have unspecified other impacts by leveraging incorrect persistent NameID generation when an Identity Provider IdP is misconfigured...