4 matches found
GHSA-FJR2-R2MP-484P Duplicate Advisory: SimpleSAMLphp signature validation bypass
Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-j4qf-3w33-8cgc. This link is maintained to preserve external references. Original Description: Background: SAML messages are usually signed to prove the identity of the issuer of the message. In the case of SAML...
Security Bypass Via Signature Spoofing
simplesamlphp is vulnerable to security bypass via signature spoofing attacks. The attacks are possible because the SimpleSAML_XML_Validator incorrectly checks the return values in the signature validation, thereby allowing an attacker to spoof an invalid signature as valid. This flaw can also lead...
CVE-2016-9955
The SimpleSAML_XML_Validator class constructor in SimpleSAMLphp before 1.14.11 might allow remote attackers to spoof signatures on SAML 1 responses or possibly cause a denial of service (memory consumption) by leveraging improper conversion of return values to boolean...
UBUNTU-CVE-2016-9955
The SimpleSAML_XML_Validator class constructor in SimpleSAMLphp before 1.14.11 might allow remote attackers to spoof signatures on SAML 1 responses or possibly cause a denial of service (memory consumption) by leveraging improper conversion of return values to boolean...