The InfoCard module 1.0 for SimpleSAMLphp allows attackers to spoof XML
messages by leveraging an incorrect check of return values in signature
validation utilities.
Author | Note |
---|---|
sbeattie | according to debian, issue lies in simplesamlphp/simplesamlphp-module-infocard and fixed in module version 1.0.1. The module is embedded in simplesamlphp. |
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 16.04 | noarch | simplesamlphp | < any | UNKNOWN |