Lucene search
Veracode Vulnerability DatabaseVERACODE:4923HistoryAug 21, 2017 - 9:02 a.m.
Unauthorized Extension Of Token Validity
2017-08-2109:02:17
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
7
0.001 Low
EPSS
Percentile
50.9%
simplesamlphp is vulnerable to having a token’s validity period extended by an unauthorized party. The vulnerability is possible because there is a flaw in the calculateTokenValue() function in TimeLimitedToken.php. The flaw allows an attacker to extend the prepended offset as much as needed to hit the time slot it was generated on.
| CPE | Name | Operator | Version |
|---|---|---|---|
| simplesamlphp/simplesamlphp | le | 1.14.14 |
Related
cve
cve
CVE-2017-12867
2017-08-29 15:29:00
ubuntucve
ubuntucve
CVE-2017-12867
2017-08-29 00:00:00
osv
osv
SimpleSAMLphp Invalid token creation and validation
2022-05-13 01:42:46
CVE-2017-12867
2017-08-29 15:29:00
simplesamlphp - security update
2017-12-12 00:00:00
github
github
SimpleSAMLphp Invalid token creation and validation
2022-05-13 01:42:46
prion
prion
Design/Logic Flaw
2017-08-29 15:29:00
cvelist
cvelist
CVE-2017-12867
2017-08-29 15:00:00
debiancve
debiancve
CVE-2017-12867
2017-08-29 15:29:00
nvd
nvd
CVE-2017-12867
2017-08-29 15:29:00
friendsofphp
friendsofphp
Invalid token creation and validation
2017-06-28 14:13:10
openvas
openvas
Debian: Security Advisory (DLA-1205-1)
2023-03-08 00:00:00
Debian: Security Advisory (DSA-4127-1)
2018-03-01 00:00:00
nessus
nessus
Debian DLA-1205-1 : simplesamlphp security update
2017-12-13 00:00:00
Debian DSA-4127-1 : simplesamlphp - security update
2018-03-05 00:00:00
debian
debian
[SECURITY] [DLA 1205-1] simplesamlphp security update
2017-12-12 10:13:22
[SECURITY] [DSA 4127-1] simplesamlphp security update
2018-03-02 06:15:39
[SECURITY] [DSA 4127-1] simplesamlphp security update
2018-03-02 06:15:39