The secureCompare method in lib/SimpleSAML/Utils/Crypto.php in
SimpleSAMLphp 1.14.13 and earlier, when used with PHP before 5.6, allows
attackers to conduct session fixation attacks or possibly bypass
authentication by leveraging missing character conversions before an XOR
operation.

OS | OS Version | Architecture | Package | Package Version | Filename |
---|---|---|---|---|---|
ubuntu | 16.04 | noarch | simplesamlphp | < any | UNKNOWN |
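
The missing character conversion described in the advisory text, shown as an added PHP illustration that is not SimpleSAMLphp's own code. The function names and token values are constructed, and the explicit `(int)` cast is an assumption standing in for the implicit string-to-integer conversion of the affected PHP versions, so the script runs on current interpreters.

```php
<?php
// Added illustration; function names are hypothetical, not SimpleSAMLphp's API.

// Flawed pattern: XOR of two one-character strings yields a one-character
// string, not an integer. Folding that string into an integer accumulator
// converts it numerically, and a non-numeric byte such as "\x03" becomes 0.
// The (int) cast below emulates that legacy implicit conversion (assumption).
function compareWithoutConversion($known, $user)
{
    $len = strlen($known);
    if ($len !== strlen($user)) {
        return false; // length differs
    }
    $diff = 0;
    for ($i = 0; $i < $len; $i++) {
        $diff |= (int) ($known[$i] ^ $user[$i]);
    }
    return $diff === 0;
}

// Hardened pattern: ord() turns each byte into an integer before the XOR,
// so any differing byte sets at least one bit in $diff.
function compareWithConversion($known, $user)
{
    $len = strlen($known);
    if ($len !== strlen($user)) {
        return false; // length differs
    }
    $diff = 0;
    for ($i = 0; $i < $len; $i++) {
        $diff |= ord($known[$i]) ^ ord($user[$i]);
    }
    return $diff === 0;
}

// Constructed regression cases: equal, same length but different, shorter.
$cases = array(
    array('token-AAAA', 'token-AAAA'),
    array('token-AAAA', 'token-BBBB'),
    array('token-AAAA', 'token-AAA'),
);
foreach (array('compareWithoutConversion', 'compareWithConversion') as $fn) {
    foreach ($cases as $case) {
        $got = $fn($case[0], $case[1]);
        $verdict = ($got === ($case[0] === $case[1])) ? 'ok' : 'MISMATCH';
        printf("%-24s %-10s vs %-10s => %-5s %s\n",
            $fn, $case[0], $case[1], var_export($got, true), $verdict);
    }
}
```

A regression suite for any hand-written comparison fallback should include a same-length, different-content pair like the second case, since equal inputs and length mismatches pass in both variants.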