SimpleSAMLphp is vulnerable to having a token's validity period extended by an unauthorized party. The vulnerability exists because of a flaw in the calculateTokenValue() function in TimeLimitedToken.php: it allows an attacker to extend the offset prepended to the token as much as needed to land on the time slot the token was generated in, so a token that should have expired still validates.
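As an added illustration (not SimpleSAMLphp's own code), the following simplified Python model of an offset-prefixed, time-slotted token shows the flawed check beside a hardened one: the hardened validator binds the offset into the MAC and rejects any offset outside a single slot width, so the parsed offset can no longer steer (now - offset) back into an old slot. The class name, secret, lifetime and timestamps are constructed assumptions, and shifted_token_accepted() is the regression check a maintainer would keep.

```python
import hashlib
import hmac


class SlotToken:
    """Simplified model of an offset-prefixed, time-slotted token (constructed
    for illustration, not SimpleSAMLphp's code): "<hex offset>-<mac>"."""

    def __init__(self, secret: bytes, lifetime: int = 900, skew: int = 1,
                 hardened: bool = True):
        self.secret = secret
        self.width = lifetime + skew  # slot width in seconds
        self.skew = skew
        self.hardened = hardened

    def _token_value(self, offset: int, now: int) -> str:
        slot = (now - offset) // self.width
        # Flawed: only the slot number is authenticated, so any offset that
        # still lands in that slot verifies. Hardened: offset is bound in too.
        msg = f"{offset}:{slot}" if self.hardened else str(slot)
        return hmac.new(self.secret, msg.encode(), hashlib.sha256).hexdigest()

    def generate(self, now: int) -> str:
        offset = (now - self.skew) % self.width
        return f"{offset:x}-{self._token_value(offset, now)}"

    def validate(self, token: str, now: int) -> bool:
        parts = token.split("-")
        if len(parts) != 2:
            return False
        try:
            offset = int(parts[0], 16)
        except ValueError:
            return False
        # Hardened: generate() never emits an offset outside [0, width), so any
        # other value is rejected before it can steer (now - offset) backwards.
        if self.hardened and not 0 <= offset < self.width:
            return False
        return hmac.compare_digest(self._token_value(offset, now), parts[1])


def shifted_token_accepted(secret: bytes, issued_at: int, hardened: bool) -> bool:
    """Does the validator accept a token whose offset was rewritten, long after
    expiry, so that (now - offset) points back at the slot it was issued in?"""
    t = SlotToken(secret, hardened=hardened)
    offset_hex, mac = t.generate(issued_at).split("-")
    later = issued_at + 10 * t.width  # well past the 900 s lifetime
    shifted = f"{int(offset_hex, 16) + 10 * t.width:x}-{mac}"
    return t.validate(shifted, later)
```

A genuine token stays valid for exactly the configured lifetime under both variants; only the hardened validator also refuses the offset-rewritten token.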