23 matches found
CVE-2017-12868
CVE-2017-12868 affects SimpleSAMLphp (secureCompare in lib/SimpleSAML/Utils/Crypto.php) and older PHP runtime. When used with PHP
CVE-2019-3465
CVE-2019-3465 affects Rob Richards XmlSecLibs (all versions before 3.0.3) used by SimpleSAMLphp, where XML signature validation is incorrect. An authenticated attacker can impersonate others or elevate privileges via crafted XML messages. The issue is mitigated by upgrading XmlSecLibs to v3.0.3 o...
CVE-2017-12873
SimpleSAMLphp 1.7.0–1.14.10 is affected by CVE-2017-12873 due to incorrect persistent NameID generation when an Identity Provider (IdP) is misconfigured. This could allow attackers to obtain sensitive information or gain unauthorized access, depending on deployment specifics. The vulnerability...
CVE-2020-5226
CVE-2020-5226 affects SimpleSAMLphp prior to 1.18.4. The vulnerability stems from www/errorreport.php where error reports are sent via the SimpleSAML\Utils\EMail wrapper. Starting with 1.18.0, Twig-based email templates were introduced; Twig escapes variables, but the older plain PHP template did...
CVE-2020-5301
SimpleSAMLphp before 1.18.6 exposes source code of module files when a request ends with .PHP on case-insensitive filesystems (e.g., Windows) due to a faulty .php check; this enables information disclosure of private/sensitive module source. The issue is fixed in version 1.18.6. Affected/related ...
CVE-2016-9955
The CVE-2016-9955 issue affects SimpleSAMLphp up to version 1.14.10 via the SimpleSAML_XML_Validator constructor. Affected component: SimpleSAML_XML_Validator in SimpleSAMLphp; root cause: improper conversion of return values to boolean in signature validation, allowing an attacker to spoof signa...
CVE-2017-12869
CVE-2017-12869 affects SimpleSAMLphp multiauth module (1.14.13 and earlier) and allows remote attackers to bypass authentication context restrictions by using an authentication source defined in config/authsources.php due to improper input validation. Public advisories (e.g., Debian DSA-4127/DSA-...
CVE-2016-9814
CVE-2016-9814 affects SimpleSAMLphp and the simplesamlphp/saml2 library. The vulnerability stems from an improper conversion of return values to boolean in the validateSignature method of SAML2\Utils, enabling remote attackers to spoof SAML responses or cause a memory-related Denial of S...
CVE-2020-5225
The CVE-2020-5225 issue affects SimpleSAMLphp up to version 1.18.3, where the www/errorreport.php endpoint did not sanitize the reportID parameter, allowing an attacker to inject newline characters and append arbitrary log lines when the file logging handler is used. This could lead to log inject...
CVE-2018-6521
CVE-2018-6521 affects SimpleSAMLphp sqlauth: before 1.15.2, the MySQL utf8 charset truncates queries at four-byte characters, potentially allowing remote attackers to bypass access restrictions. Affected: SimpleSAMLphp sqlauth module. Root cause: reliance on utf8 charset causing truncation. Impac...
CVE-2017-18121
CVE-2017-18121 affects SimpleSAMLphp’s consentAdmin module (up to version 1.14.15); it enables cross-site scripting via crafted links that execute arbitrary JavaScript in the victim’s browser. Debian advisories and Nessus plugins indicate fixes were released (e.g., 1.14.11-1+deb9u1 for Stretch, 1...
CVE-2017-12872
CVE-2017-12872 affects SimpleSAMLphp (
CVE-2017-18122
CVE-2017-18122 describes a signature-validation bypass in SimpleSAMLphp (up to 1.14.16) where a Service Provider using SAML 1.1 would treat as valid an unsigned SAML response that contains more than one signed assertion, as long as at least one signature is valid. This can let an attacker imperso...
CVE-2017-12867
CVE-2017-12867 affects SimpleSAMLphp 1.14.14 and earlier where an attacker with access to a secret token can extend the token’s validity by manipulating the prepended time offset. The connected advisories confirm this vulnerability in multiple Debian releases and note that patches were released (...
CVE-2018-7711
CVE-2018-7711 affects the SimpleSAMLphp saml2 library, specifically HTTPRedirect.php in versions prior to 1.15.4. The root cause is an incorrect check of return values in the signature validation utilities, caused by a dependency on PHP behavior that interprets a -1 error code as true. This lets ...
CVE-2018-7644
CVE-2018-7644 affects SimpleSAMLphp prior to 1.15.3 where XmlSecLibs used by the saml2 library incorrectly verifies SAML assertions, enabling a remote attacker to craft an assertion from an Identity Provider that passes cryptographic checks and impersonate a user from that IdP. The issue is a key...
CVE-2011-4625
The CVE-2011-4625 entry concerns simplesamlphp and its XML encryption handling. In affected versions (before 1.6.3 for squeeze and before 1.8.2 for sid), the software allegedly mishandles XML encryption, which could allow remote attackers to decrypt or forge messages. The connected documents conf...
CVE-2012-0908
CVE-2012-0908 concerns a cross-site scripting (XSS) flaw in SimpleSAMLphp. The vulnerability occurs in logout.php where the link_href parameter is not properly sanitized, allowing remote attackers to inject arbitrary script or HTML. Affected version scope includes 1.8.1 and potentially other vers...
CVE-2017-12871
The CVE-2017-12871 issue affects SimpleSAMLphp (1.14.x–1.14.11) in the aesEncrypt method located at lib/SimpleSAML/Utils/Crypto.php. The root cause is using the first 16 bytes of the secret key as the initialization vector (IV), which enables context-dependent attackers to bypass the encryption p...
CVE-2017-12870
CVE-2017-12870 affects SimpleSAMLphp 1.14.12 and earlier. The issue arises from the use of AES encrypt/decrypt in the SimpleSAML/Utils/Crypto class to protect session identifiers in replies to non-HTTPS service providers, enabling MITM attackers to obtain sensitive information. The connected sour...
CVE-2016-3124
The CVE concerns SimpleSAMLphp’s sanitycheck module prior to version 1.14.1, which is vulnerable to information leakage. The issue allows remote attackers to determine the PHP version running on the affected system via unspecified vectors. The vulnerability is tied to the sanitycheck component, a...
CVE-2018-6520
SimpleSAMLphp before 1.15.2 is vulnerable to an open redirect protection bypass through crafted authority data in a URL. The underlying issue is in the URL handling that allows bypass of redirect protections, enabling potential open redirects. Affected component: SimpleSAMLphp (prior to 1.15.2). ...
CVE-2012-0040
CVE-2012-0040 is a cross-site scripting (XSS) vulnerability in SimpleSAMLphp 1.8.1 (and possibly earlier versions before 1.8.2) where an attacker can inject arbitrary script/HTML via the retryURL parameter in modules/core/www/no_cookie.php. Affected software is SimpleSAMLphp; root cause is improp...