The secureCompare method in lib/SimpleSAML/Utils/Crypto.php in SimpleSAMLphp 1.14.13 and previous versions, when used with PHP prior to 5.6, allows malicious users to conduct session fixation attacks or possibly bypass authentication by leveraging missing character conversions before an XOR operation.
Vulnerable Product |
---|
simplesamlphp simplesamlphp |