Veracode Vulnerability Database, VERACODE:47322
History: Jun 03, 2024 - 8:52 a.m.

Insufficiently Protected Credentials

2024-06-03 08:52:06
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
simplesamlphp
vulnerability
insecure
credentials
session state
ecp profile
identity provider
administrator privileges

AI Score: 7 (High)
Confidence: Low

SimpleSAMLphp is vulnerable to Insufficiently Protected Credentials. The vulnerability is due to credentials being insecurely saved to the user’s session state when the ECP profile is disabled but supported in the Identity Provider’s metadata, which could result in an attacker with administrator privileges accessing the credentials.
