Lucene search
GoogleOSV:GHSA-QC43-78VJ-VG7PHistoryMay 14, 2022 - 1:04 a.m.
SimpleSAMLphp Authentication context bypass in the multiauth module
2022-05-1401:04:19
Google
osv.dev
2
The multiauth module in SimpleSAMLphp 1.14.13 and earlier allows remote attackers to bypass authentication context restrictions and use an authentication source defined in config/authsources.php via vectors related to improper validation of user input.
References
github.com/FriendsOfPHP/security-advisories/blob/master/simplesamlphp/simplesamlphp/CVE-2017-12869.yaml
github.com/simplesamlphp/simplesamlphp
github.com/simplesamlphp/simplesamlphp/blob/de98fc5bb663feea16686ae77958f759b4a7638d/docs/simplesamlphp-changelog-1.x.md?plain=1#L902C64-L902C79
lists.debian.org/debian-lts-announce/2017/12/msg00007.html
nvd.nist.gov/vuln/detail/CVE-2017-12869
simplesamlphp.org/security/201704-02
www.debian.org/security/2018/dsa-4127
Related
friendsofphp
friendsofphp
Authentication context bypass (multiauth module)
2017-05-05 10:47:00
cve
cve
CVE-2017-12869
2017-09-01 13:29:00
osv
osv
CVE-2017-12869
2017-09-01 13:29:00
simplesamlphp - security update
2017-12-12 00:00:00
simplesamlphp - security update
2018-03-02 00:00:00
ubuntucve
ubuntucve
CVE-2017-12869
2017-09-01 00:00:00
prion
prion
Authentication flaw
2017-09-01 13:29:00
nvd
nvd
CVE-2017-12869
2017-09-01 13:29:00
debiancve
debiancve
CVE-2017-12869
2017-09-01 13:29:00
veracode
veracode
Execution Of Arbitrary Authentication Source
2017-08-21 08:37:41
github
github
SimpleSAMLphp Authentication context bypass in the multiauth module
2022-05-14 01:04:19
cvelist
cvelist
CVE-2017-12869
2017-09-01 13:00:00
openvas
openvas
Debian: Security Advisory (DLA-1205-1)
2023-03-08 00:00:00
Debian: Security Advisory (DSA-4127-1)
2018-03-01 00:00:00
nessus
nessus
Debian DLA-1205-1 : simplesamlphp security update
2017-12-13 00:00:00
Debian DSA-4127-1 : simplesamlphp - security update
2018-03-05 00:00:00
debian
debian
[SECURITY] [DLA 1205-1] simplesamlphp security update
2017-12-12 10:13:22
[SECURITY] [DSA 4127-1] simplesamlphp security update
2018-03-02 06:15:39
[SECURITY] [DSA 4127-1] simplesamlphp security update
2018-03-02 06:15:39