SimpleSAMLphp is vulnerable to security bypass via signature spoofing attacks. The attacks are possible because SimpleSAML_XML_Validator incorrectly checks the return values in the signature validation, allowing an attacker to have an invalid signature accepted as valid. This flaw can also lead to other attacks such as denial of service (DoS).
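The advisory does not show the faulty check. The following is an added illustration of this class of return-value bug, not SimpleSAMLphp's code. It assumes a verifier that returns 1, 0 or -1 (the convention PHP's `openssl_verify()` uses), with an HMAC standing in for the XML signature; all function names and sample values are hypothetical.

```php
<?php
// Constructed stand-in for a low-level verifier with a tri-state result:
// 1 = signature valid, 0 = signature invalid, -1 = verification could not run.
// An HMAC replaces the real XML signature so the example is self-contained.
function verifyTriState(string $data, string $sig, ?string $key): int
{
    if ($key === null) {
        return -1; // error path, e.g. key material could not be loaded
    }
    $expected = hash_hmac('sha256', $data, $key, true);
    return hash_equals($expected, $sig) ? 1 : 0;
}

// Flawed caller: casts the result to bool, so the error code -1 is truthy
// and an unverified signature is reported as valid.
function isValidLoose(string $data, string $sig, ?string $key): bool
{
    return (bool) verifyTriState($data, $sig, $key);
}

// Hardened caller: only the exact success value counts as valid;
// 0, -1 and anything unexpected are all rejected.
function isValidStrict(string $data, string $sig, ?string $key): bool
{
    return verifyTriState($data, $sig, $key) === 1;
}

// Constructed sample inputs.
$key  = 'constructed-demo-key';
$data = '<Assertion>constructed sample</Assertion>';
$good = hash_hmac('sha256', $data, $key, true);
$bad  = str_repeat("\0", 32);

$cases = [
    'valid signature'     => [$good, $key],
    'invalid signature'   => [$bad, $key],
    'verifier error (-1)' => [$bad, null],
];

foreach ($cases as $label => [$sig, $k]) {
    printf(
        "%-20s loose=%-5s strict=%s\n",
        $label,
        var_export(isValidLoose($data, $sig, $k), true),
        var_export(isValidStrict($data, $sig, $k), true)
    );
}
```

The two callers agree on the valid and invalid cases and differ only on the error case, which is why this kind of defect passes ordinary tests that never exercise a failing verifier.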
CPE Name | Operator | Version |
---|---|---|
simplesamlphp/simplesamlphp | le | 1.14.10 |
simplesamlphp:stretch | eq | 1.14.11-1+deb9u2 |