SimpleSAMLphp is vulnerable to padding oracle attacks. The library does not authenticate the ciphertext, so a malicious user listening in on the network can conduct a padding oracle attack to recover the identifier and then try to impersonate the user.
CPE

Name | Operator | Version |
---|---|---|
simplesamlphp/simplesamlphp | le | 1.14.12 |
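
The safeguard the description says is missing, authenticating the ciphertext before it is decrypted, can be shown as encrypt-then-MAC in PHP. This is an added example, not SimpleSAMLphp's code or its actual fix; the function names, key-derivation labels and sample identifier are assumptions.

```php
<?php
// Added example; helper names and HKDF labels are hypothetical.
function deriveKeys(string $secret): array
{
    // Independent encryption and MAC keys derived from one secret.
    return [hash_hkdf('sha256', $secret, 32, 'example-enc'),
            hash_hkdf('sha256', $secret, 32, 'example-mac')];
}

function sealData(string $plaintext, string $secret): string
{
    [$encKey, $macKey] = deriveKeys($secret);
    $iv = random_bytes(16);
    $ct = openssl_encrypt($plaintext, 'aes-256-cbc', $encKey, OPENSSL_RAW_DATA, $iv);
    if ($ct === false) {
        throw new RuntimeException('encryption failed');
    }
    // The tag covers IV and ciphertext, so neither can be altered unnoticed.
    return hash_hmac('sha256', $iv . $ct, $macKey, true) . $iv . $ct;
}

function openData(string $blob, string $secret): string
{
    [$encKey, $macKey] = deriveKeys($secret);
    if (strlen($blob) < 64) { // 32-byte tag + 16-byte IV + one 16-byte block
        throw new RuntimeException('invalid message');
    }
    $tag = substr($blob, 0, 32);
    $body = substr($blob, 32); // IV || ciphertext
    // Constant-time tag check happens before any decryption or padding check.
    if (!hash_equals(hash_hmac('sha256', $body, $macKey, true), $tag)) {
        throw new RuntimeException('invalid message');
    }
    $pt = openssl_decrypt(substr($body, 16), 'aes-256-cbc', $encKey, OPENSSL_RAW_DATA, substr($body, 0, 16));
    if ($pt === false) {
        throw new RuntimeException('invalid message');
    }
    return $pt;
}

// Constructed sample: flipping one ciphertext bit is caught by the MAC.
$secret = random_bytes(32);
$blob = sealData('constructed-identifier-123', $secret);
echo openData($blob, $secret), PHP_EOL;
$blob[60] = $blob[60] ^ "\x01";
try {
    openData($blob, $secret);
} catch (RuntimeException $e) {
    echo 'rejected: ', $e->getMessage(), PHP_EOL;
}
```

Every failure path returns the same error, so a caller cannot tell a bad tag from bad padding.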