Published: 02/02/2018 Updated: 13/05/2019

CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6

CVSS v3 Base Score: 8.1 | Impact Score: 5.9 | Exploitability Score: 2.2

VMScore: 605

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

A signature-validation bypass issue exists in SimpleSAMLphp up to and including 1.14.16. A SimpleSAMLphp Service Provider using SAML 1.1 will regard as valid any unsigned SAML response containing more than one signed assertion, provided that the signature of at least one of the assertions is valid. Attributes contained in all the assertions received will be merged and the entityID of the first assertion received will be used, allowing an malicious user to impersonate any user of any IdP given an assertion signed by the targeted IdP.

Vulnerable Product	Search on Vulmon	Subscribe to Product
simplesamlphp simplesamlphp
debian debian linux 8.0
debian debian linux 7.0
debian debian linux 9.0

Debian Bug report logs - #889286 simplesamlphp: CVE-2017-18121 CVE-2017-18122 Package: simplesamlphp; Maintainer for simplesamlphp is Thijs Kinkhorst <thijs@debianorg>; Source for simplesamlphp is src:simplesamlphp (PTS, buildd, popcon) Reported by: Abhijith PA <abhijith@disrootorg> Date: Sat, 3 Feb 2018 10:57:03 ...

Several vulnerabilities have been discovered in SimpleSAMLphp, a framework for authentication, primarily via the SAML protocol CVE-2017-12867 Attackers with access to a secret token could extend its validity period by manipulating the prepended time offset CVE-2017-12869 When using the multiauth module, attackers can bypass authentic ...

CWE-347 https://simplesamlphp.org/security/201710-01 https://lists.debian.org/debian-lts-announce/2018/02/msg00008.html https://www.debian.org/security/2018/dsa-4127 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=889286 https://www.debian.org/security/./dsa-4127 https://nvd.nist.gov

CVE-2017-18122

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect