simplesamlphp is vulnerable to timing attacks. The library does not compare cookies in constant time, allowing malicious users to guess the valid cookies based on the time that a comparison takes.
CPE | Name | Operator | Version |
---|---|---|---|
simplesamlphp/simplesamlphp | le | 1.14.11 |