Lucene search

Veracode Vulnerability DatabaseVERACODE:4270

HistoryMay 22, 2017 - 6:22 a.m.

Security Bypass Via Signature Spoofing

2017-05-2206:22:39

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

6.3 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:H

4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:N/I:P/A:P

JSON

simplesamlphp is vulnerable to security bypass via signature spoofing attacks. The attacks are possible because the SimpleSAML_XML_Validator incorrectly checks the return values in the signature validation, thereby allowing an attacker to spoof an invalid signature as valid. This flaw can also lead to other attacks such as denial of service (DoS).

CPENameOperatorVersion
simplesamlphp/simplesamlphple1.14.10
simplesamlphp:stretcheq1.14.11-1+deb9u2

CPE	Name	Operator	Version
	simplesamlphp/simplesamlphp	le	1.14.10
	simplesamlphp:stretch	eq	1.14.11-1+deb9u2

References

www.securityfocus.com/bid/94946

simplesamlphp.org/security/201612-02

6.3 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:H

4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:N/I:P/A:P

JSON

Related for VERACODE:4270