Published: 01/09/2017 Updated: 03/10/2019

CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10

CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9

VMScore: 668

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

SimpleSAMLphp 1.7.0 up to and including 1.14.10 might allow malicious users to obtain sensitive information, gain unauthorized access, or have unspecified other impacts by leveraging incorrect persistent NameID generation when an Identity Provider (IdP) is misconfigured.

Vulnerable Product	Search on Vulmon	Subscribe to Product
simplesamlphp simplesamlphp
debian debian linux 7.0
debian debian linux 9.0
debian debian linux 8.0

Debian Bug report logs - #889286 simplesamlphp: CVE-2017-18121 CVE-2017-18122 Package: simplesamlphp; Maintainer for simplesamlphp is Thijs Kinkhorst <thijs@debianorg>; Source for simplesamlphp is src:simplesamlphp (PTS, buildd, popcon) Reported by: Abhijith PA <abhijith@disrootorg> Date: Sat, 3 Feb 2018 10:57:03 ...

Several vulnerabilities have been discovered in SimpleSAMLphp, a framework for authentication, primarily via the SAML protocol CVE-2017-12867 Attackers with access to a secret token could extend its validity period by manipulating the prepended time offset CVE-2017-12869 When using the multiauth module, attackers can bypass authentic ...

CWE-384 https://simplesamlphp.org/security/201612-04 https://github.com/simplesamlphp/simplesamlphp/commit/90dca835158495b173808273e7df127303b8b953 https://lists.debian.org/debian-lts-announce/2017/12/msg00007.html https://www.debian.org/security/2018/dsa-4127 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=889286 https://nvd.nist.gov https://www.debian.org/security/./dsa-4127

CVE-2017-12873

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect