Simplesamlphp Security Vulnerabilities and Issues — Simplesamlphp CVE List

Lucene search

SimplesamlphpSimplesamlphp

3 matches found

CVE•added 2017/09/01 1:29 p.m.•65 views

CVE-2017-12869

The multiauth module in SimpleSAMLphp 1.14.13 and earlier allows remote attackers to bypass authentication context restrictions and use an authentication source defined in config/authsources.php via vectors related to improper validation of user input.

7.5CVSS7.8AI score0.00418EPSS

CVE•added 2018/03/05 2:29 p.m.•53 views

CVE-2018-7644

The XmlSecLibs library as used in the saml2 library in SimpleSAMLphp before 1.15.3 incorrectly verifies signatures on SAML assertions, allowing a remote attacker to construct a crafted SAML assertion on behalf of an Identity Provider that would pass as cryptographically valid, thereby allowing them...

7.5CVSS7.3AI score0.00068EPSS

CVE•added 2019/11/06 3:15 p.m.•48 views

CVE-2011-4625

simplesamlphp before 1.6.3 (squeeze) and before 1.8.2 (sid) incorrectly handles XML encryption which could allow remote attackers to decrypt or forge messages.

7.5CVSS7.4AI score0.00274EPSS