CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

8 matches found

Tenable Nessus•added 2025/08/25 12:0 a.m.•2 views

Linux Distros Unpatched Vulnerability : CVE-2017-12868

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The secureCompare method in lib/SimpleSAML/Utils/Crypto.php in SimpleSAMLphp 1.14.13 and earlier, when used with PHP before 5.6, allows attackers to conduct...

9.8CVSS8.3AI score0.00764EPSS

Exploits0References2

Github Security Blog•added 2022/05/14 3:15 a.m.•20 views

SimpleSAMLphp Session fixation issue and authentication bypass in the authcrypt module

The secureCompare method in lib/SimpleSAML/Utils/Crypto.php in SimpleSAMLphp 1.14.13 and earlier, when used with PHP before 5.6, allows attackers to conduct session fixation attacks or possibly bypass authentication by leveraging missing character conversions before an XOR operation...

9.8CVSS7.3AI score0.00764EPSS

Exploits0References7Affected Software1

CNVD•added 2017/09/06 12:0 a.m.•2 views

SimpleSAMLphp PHP Session Fixation Vulnerability

SimpleSAMLphp is a suite of PHP authentication applications that implement the SAML 2.0 Service Provider and Identity Provider functionality.PHP is an open source general-purpose computer scripting language used in... A security vulnerability exists in the secureCompare method in SimpleSAMLphp...

9.8CVSS9.1AI score0.00764EPSS

Exploits0References1

Veracode•added 2017/09/04 7:7 a.m.•19 views

Session Fixation

SimpleSAML is vulnerable to session fixation attacks. This happens due to the incorrect conversion to an integer of individual bytes in both strings before an XOR operation in the secureCompare method in lib/SimpleSAML/Utils/Crypto.php...

9.8CVSS9.1AI score0.00764EPSS

Exploits0References4Affected Software1