582 matches found
Execution Of Arbitrary Authentication Source
SimpleSAMLphp is vulnerable to execution of arbitrary authentication source. This can happen because it does not validate the user input for choice of authentication source against a list of valid sources set by the administrator in multiauth module...
Denial Of Service (DoS)
simplesamlphp/saml2 is vulnerable to denial of service DoS attacks and spoofed SAML responses. It mishandles the conversion of return values to boolean which allows attackers to perform these attacks...
Security Bypass Via Signature Spoofing
simplesamlphp is vulnerable to security bypass via signature spoofing attacks. The attacks are possible because the SimpleSAMLXMLValidator incorrectly checks the return values in the signature validation, thereby allowing an attacker to spoof an invalid signature as valid. This flaw can also lead...
Authentication context bypass (multiauth module)
More info at https://simplesamlphp.org/security/201704-02...
Session fixation and authentication bypass (authcrypt module)
More info at https://simplesamlphp.org/security/201705-01...
Unauthenticated encryption in CBC mode
More info at https://simplesamlphp.org/security/201704-01...
Multiple timing side-channel issues
More info at https://simplesamlphp.org/security/201703-01...
CVE-2016-9955
The SimpleSAMLXMLValidator class constructor in SimpleSAMLphp before 1.14.11 might allow remote attackers to spoof signatures on SAML 1 responses or possibly cause a denial of service memory consumption by leveraging improper conversion of return values to boolean...
CVE-2016-9814
The validateSignature method in the SAML2\Utils class in SimpleSAMLphp before 1.14.10 and simplesamlphp/saml2 library before 1.9.1, 1.10.x before 1.10.3, and 2.x before 2.3.3 allows remote attackers to spoof SAML responses or possibly cause a denial of service memory consumption by leveraging...
CVE-2016-9814
The validateSignature method in the SAML2\Utils class in SimpleSAMLphp before 1.14.10 and simplesamlphp/saml2 library before 1.9.1, 1.10.x before 1.10.3, and 2.x before 2.3.3 allows remote attackers to spoof SAML responses or possibly cause a denial of service memory consumption by leveraging...
DEBIAN-CVE-2016-9955
The SimpleSAMLXMLValidator class constructor in SimpleSAMLphp before 1.14.11 might allow remote attackers to spoof signatures on SAML 1 responses or possibly cause a denial of service memory consumption by leveraging improper conversion of return values to boolean...
CVE-2016-9955
The SimpleSAMLXMLValidator class constructor in SimpleSAMLphp before 1.14.11 might allow remote attackers to spoof signatures on SAML 1 responses or possibly cause a denial of service memory consumption by leveraging improper conversion of return values to boolean...
CVE-2016-9955
The SimpleSAMLXMLValidator class constructor in SimpleSAMLphp before 1.14.11 might allow remote attackers to spoof signatures on SAML 1 responses or possibly cause a denial of service memory consumption by leveraging improper conversion of return values to boolean...
UBUNTU-CVE-2016-9955
The SimpleSAMLXMLValidator class constructor in SimpleSAMLphp before 1.14.11 might allow remote attackers to spoof signatures on SAML 1 responses or possibly cause a denial of service memory consumption by leveraging improper conversion of return values to boolean...
UBUNTU-CVE-2016-9814
The validateSignature method in the SAML2\Utils class in SimpleSAMLphp before 1.14.10 and simplesamlphp/saml2 library before 1.9.1, 1.10.x before 1.10.3, and 2.x before 2.3.3 allows remote attackers to spoof SAML responses or possibly cause a denial of service memory consumption by leveraging...
CVE-2016-9814
The validateSignature method in the SAML2\Utils class in SimpleSAMLphp before 1.14.10 and simplesamlphp/saml2 library before 1.9.1, 1.10.x before 1.10.3, and 2.x before 2.3.3 allows remote attackers to spoof SAML responses or possibly cause a denial of service memory consumption by leveraging...
CVE-2016-9955
The SimpleSAMLXMLValidator class constructor in SimpleSAMLphp before 1.14.11 might allow remote attackers to spoof signatures on SAML 1 responses or possibly cause a denial of service memory consumption by leveraging improper conversion of return values to boolean...
CVE-2016-9955
The SimpleSAMLXMLValidator class constructor in SimpleSAMLphp before 1.14.11 might allow remote attackers to spoof signatures on SAML 1 responses or possibly cause a denial of service memory consumption by leveraging improper conversion of return values to boolean...
CVE-2016-9955
The CVE-2016-9955 issue affects SimpleSAMLphp up to version 1.14.10 via the SimpleSAML_XML_Validator constructor. Affected component: SimpleSAML_XML_Validator in SimpleSAMLphp; root cause: improper conversion of return values to boolean in signature validation, allowing an attacker to spoof signa...
CVE-2016-9814
Summary: CVE-2016-9814 affects SimpleSAMLphp and the simplesamlphp/saml2 library. The vulnerability stems from an improper conversion of return values to boolean in the validateSignature method of SAML2\Utils, enabling remote attackers to spoof SAML responses or cause a memory-related Denial of S...