Lucene search
GoogleOSV:GHSA-597C-MH7M-48V7HistoryMay 13, 2022 - 1:42 a.m.
SimpleSAMLphp Invalid token creation and validation
2022-05-1301:42:46
Google
osv.dev
3
simplesamlphp
auth_timelimitedtoken
security vulnerability
token manipulation
The SimpleSAML_Auth_TimeLimitedToken class in SimpleSAMLphp 1.14.14 and earlier allows attackers with access to a secret token to extend its validity period by manipulating the prepended time offset.
References
github.com/FriendsOfPHP/security-advisories/blob/master/simplesamlphp/simplesamlphp/CVE-2017-12867.yaml
github.com/simplesamlphp/simplesamlphp
github.com/simplesamlphp/simplesamlphp/commit/608f24c2d5afd70c2af050785d2b12f878b33c68
lists.debian.org/debian-lts-announce/2017/12/msg00007.html
nvd.nist.gov/vuln/detail/CVE-2017-12867
simplesamlphp.org/security/201708-01
www.debian.org/security/2018/dsa-4127
Related
ubuntucve
ubuntucve
CVE-2017-12867
2017-08-29 00:00:00
github
github
SimpleSAMLphp Invalid token creation and validation
2022-05-13 01:42:46
cve
cve
CVE-2017-12867
2017-08-29 15:29:00
veracode
veracode
Unauthorized Extension Of Token Validity
2017-08-21 09:02:17
debiancve
debiancve
CVE-2017-12867
2017-08-29 15:29:00
osv
osv
CVE-2017-12867
2017-08-29 15:29:00
simplesamlphp - security update
2017-12-12 00:00:00
simplesamlphp - security update
2018-03-02 00:00:00
prion
prion
Design/Logic Flaw
2017-08-29 15:29:00
cvelist
cvelist
CVE-2017-12867
2017-08-29 15:00:00
friendsofphp
friendsofphp
Invalid token creation and validation
2017-06-28 14:13:10
nvd
nvd
CVE-2017-12867
2017-08-29 15:29:00
debian
debian
[SECURITY] [DLA 1205-1] simplesamlphp security update
2017-12-12 10:13:22
[SECURITY] [DSA 4127-1] simplesamlphp security update
2018-03-02 06:15:39
[SECURITY] [DSA 4127-1] simplesamlphp security update
2018-03-02 06:15:39
nessus
nessus
Debian DLA-1205-1 : simplesamlphp security update
2017-12-13 00:00:00
Debian DSA-4127-1 : simplesamlphp - security update
2018-03-05 00:00:00
openvas
openvas
Debian: Security Advisory (DLA-1205-1)
2023-03-08 00:00:00
Debian: Security Advisory (DSA-4127-1)
2018-03-01 00:00:00