
4 matches found

Tenable Nessus
added 2025/08/25 12:0 a.m. | 1 view

Linux Distros Unpatched Vulnerability : CVE-2017-12868

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The secureCompare method in lib/SimpleSAML/Utils/Crypto.php in SimpleSAMLphp 1.14.13 and earlier, when used with PHP before 5.6, allows attackers to conduct...

CVSS 9.8 | AI score 8.3 | EPSS 0.00764
Exploits: 0 | References: 2
Veracode
added 2017/09/04 7:7 a.m. | 19 views

Session Fixation

SimpleSAML is vulnerable to session fixation attacks. This happens due to the incorrect conversion to an integer of individual bytes in both strings before an XOR operation in the secureCompare method in lib/SimpleSAML/Utils/Crypto.php...

CVSS 9.8 | AI score 9.1 | EPSS 0.00764
Exploits: 0 | References: 4 | Affected Software: 1
Prion
added 2017/09/01 1:29 p.m. | 12 views

Authentication flaw

The secureCompare method in lib/SimpleSAML/Utils/Crypto.php in SimpleSAMLphp 1.14.13 and earlier, when used with PHP before 5.6, allows attackers to conduct session fixation attacks or possibly bypass authentication by leveraging missing character conversions before an XOR operation...

CVSS 7.5 | AI score 9.8 | EPSS 0.00764
Exploits: 0 | References: 4 | Affected Software: 1
OSV
added 2017/09/01 1:29 p.m. | 17 views

CVE-2017-12868

The secureCompare method in lib/SimpleSAML/Utils/Crypto.php in SimpleSAMLphp 1.14.13 and earlier, when used with PHP before 5.6, allows attackers to conduct session fixation attacks or possibly bypass authentication by leveraging missing character conversions before an XOR operation...

CVSS 9.8 | AI score 7.3
Exploits: 0 | References: 4