The aesEncrypt method in lib/SimpleSAML/Utils/Crypto.php in SimpleSAMLphp 1.14.x up to and including 1.14.11 makes it easier for context-dependent malicious users to bypass the encryption protection mechanism by leveraging use of the first 16 bytes of the secret key as the initialization vector (IV).
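The weakness described above, next to a corrected pattern, as an added PHP example that is not SimpleSAMLphp's own code. The function names, the SHA-256 key derivation, the choice of AES-256-CBC and the sample inputs are assumptions made for the illustration. With a key-derived IV, plaintexts that share a first block produce the same first ciphertext block, and the IV itself is secret key material.

```php
<?php
// Added illustration, not SimpleSAMLphp source. Function names, the SHA-256
// key derivation and AES-256-CBC are assumptions; inputs are constructed.

function deriveKey(string $secret): string
{
    return hash('sha256', $secret, true); // 32 raw bytes for AES-256
}

// Weak pattern from the advisory: the IV is the first 16 bytes of the key,
// so it is identical for every message encrypted under that secret.
function encryptKeyDerivedIv(string $plaintext, string $secret): string
{
    $key = deriveKey($secret);
    $iv  = substr($key, 0, 16);
    return openssl_encrypt($plaintext, 'aes-256-cbc', $key, OPENSSL_RAW_DATA, $iv);
}

// Corrected pattern: a fresh random IV per message, stored in front of the
// ciphertext. An IV is not secret; it only has to be unpredictable.
function encryptRandomIv(string $plaintext, string $secret): string
{
    $iv = random_bytes(16);
    return $iv . openssl_encrypt($plaintext, 'aes-256-cbc', deriveKey($secret), OPENSSL_RAW_DATA, $iv);
}

function decryptRandomIv(string $blob, string $secret): string
{
    if (strlen($blob) < 32) { // 16-byte IV plus at least one cipher block
        throw new InvalidArgumentException('ciphertext too short');
    }
    $iv = substr($blob, 0, 16);
    return openssl_decrypt(substr($blob, 16), 'aes-256-cbc', deriveKey($secret), OPENSSL_RAW_DATA, $iv);
}

// Constructed inputs: $a and $b share their first 16 bytes ("user=alice;role=").
$secret = 'constructed-demo-secret';
$a = 'user=alice;role=admin;exp=1000';
$b = 'user=alice;role=guest;exp=2000';

$weakA = encryptKeyDerivedIv($a, $secret);
$weakB = encryptKeyDerivedIv($b, $secret);
$safeA = encryptRandomIv($a, $secret);
$safeB = encryptRandomIv($b, $secret);

// Compare the first ciphertext block of each pair (skip the stored IV in the safe form).
var_dump(substr($weakA, 0, 16) === substr($weakB, 0, 16));
var_dump(substr($safeA, 16, 16) === substr($safeB, 16, 16));
var_dump(decryptRandomIv($safeA, $secret) === $a);
```

A random IV removes the repeated-block leak, but CBC without a MAC is still malleable, so production code should also authenticate the IV and ciphertext.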
| Vulnerable Product |
|---|
| simplesamlphp simplesamlphp 1.14.6 |
| simplesamlphp simplesamlphp 1.14.7 |
| simplesamlphp simplesamlphp 1.14.8 |
| simplesamlphp simplesamlphp 1.14.9 |
| simplesamlphp simplesamlphp 1.14.1 |
| simplesamlphp simplesamlphp 1.14.3 |
| simplesamlphp simplesamlphp 1.14.5 |
| simplesamlphp simplesamlphp 1.14.10 |
| simplesamlphp simplesamlphp 1.14.0 |
| simplesamlphp simplesamlphp 1.14.2 |
| simplesamlphp simplesamlphp 1.14.4 |
| simplesamlphp simplesamlphp 1.14.11 |