Lucene search
MitreCVELIST:CVE-2018-7644HistoryMar 05, 2018 - 2:00 p.m.
CVE-2018-7644
2018-03-0514:00:00
mitre
www.cve.org
The XmlSecLibs library as used in the saml2 library in SimpleSAMLphp before 1.15.3 incorrectly verifies signatures on SAML assertions, allowing a remote attacker to construct a crafted SAML assertion on behalf of an Identity Provider that would pass as cryptographically valid, thereby allowing them to impersonate a user from that Identity Provider, aka a key confusion issue.
References
Related
ubuntucve
ubuntucve
CVE-2018-7644
2018-03-05 00:00:00
veracode
veracode
Bypassing Signature Validation
2018-05-23 07:01:30
friendsofphp
friendsofphp
Incorrect signature validation
2018-02-26 15:21:00
github
github
SimpleSAMLphp Improper Verification of Cryptographic Signature
2022-05-13 01:53:23
debiancve
debiancve
CVE-2018-7644
2018-03-05 14:29:00
cve
cve
CVE-2018-7644
2018-03-05 14:29:00
nvd
nvd
CVE-2018-7644
2018-03-05 14:29:00
prion
prion
Type confusion
2018-03-05 14:29:00
osv
osv
CVE-2018-7644
2018-03-05 14:29:00
SimpleSAMLphp Improper Verification of Cryptographic Signature
2022-05-13 01:53:23
simplesamlphp - security update
2018-03-02 00:00:00
debian
debian
[SECURITY] [DLA 1314-1] simplesamlphp security update
2018-03-23 11:58:28
openvas
openvas
Debian: Security Advisory (DLA-1314-1)
2018-03-26 00:00:00
Fedora Update for php-simplesamlphp-saml2_3 FEDORA-2018-37e28670f2
2018-03-26 00:00:00
Debian: Security Advisory (DLA-1298-1)
2018-03-26 00:00:00
nessus
nessus
Debian DLA-1314-1 : simplesamlphp security update
2018-03-27 00:00:00
Fedora 26 : php-simplesamlphp-saml2 (2018-f4ab4d96f9)
2018-03-27 00:00:00
Fedora 26 : php-simplesamlphp-saml2_3 (2018-f2097d8937)
2018-03-27 00:00:00
fedora
fedora
[SECURITY] Fedora 28 Update: php-simplesamlphp-saml2-2.3.8-1.fc28
2018-03-30 13:30:58
[SECURITY] Fedora 26 Update: php-simplesamlphp-saml2-2.3.8-1.fc26
2018-03-25 21:24:22
[SECURITY] Fedora 26 Update: php-simplesamlphp-saml2_3-3.1.4-1.fc26
2018-03-25 21:24:23