Lucene search
Veracode Vulnerability DatabaseVERACODE:4929HistoryAug 21, 2017 - 2:33 p.m.
Authentication Bypass
2017-08-2114:33:06
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
7
0.004 Low
EPSS
Percentile
73.5%
simplesamlphp is vulnerable to authentication bypass. When the IdP is incorrectly configured it is possible for multiple users to be assigned a null value as a NameID, allowing a malicious user to authenticate themselves to another user’s account.
| CPE | Name | Operator | Version |
|---|---|---|---|
| simplesamlphp/simplesamlphp | le | 1.14.10 |
Related
cve
cve
CVE-2017-12873
2017-09-01 21:29:00
github
github
Incorrect persistent NameID generation in SimpleSAMLphp
2020-01-24 21:28:06
ubuntucve
ubuntucve
CVE-2017-12873
2017-09-01 00:00:00
nvd
nvd
CVE-2017-12873
2017-09-01 21:29:00
friendsofphp
friendsofphp
Incorrect persistent NameID generation
2016-12-12 12:13:00
debiancve
debiancve
CVE-2017-12873
2017-09-01 21:29:00
osv
osv
CVE-2017-12873
2017-09-01 21:29:00
Incorrect persistent NameID generation in SimpleSAMLphp
2020-01-24 21:28:06
simplesamlphp - security update
2017-12-12 00:00:00
prion
prion
Code injection
2017-09-01 21:29:00
cvelist
cvelist
CVE-2017-12873
2017-09-01 21:00:00
nessus
nessus
Debian DLA-1205-1 : simplesamlphp security update
2017-12-13 00:00:00
Debian DSA-4127-1 : simplesamlphp - security update
2018-03-05 00:00:00
debian
debian
[SECURITY] [DLA 1205-1] simplesamlphp security update
2017-12-12 10:13:22
[SECURITY] [DSA 4127-1] simplesamlphp security update
2018-03-02 06:15:39
[SECURITY] [DSA 4127-1] simplesamlphp security update
2018-03-02 06:15:39
openvas
openvas
Debian: Security Advisory (DLA-1205-1)
2023-03-08 00:00:00
Debian: Security Advisory (DSA-4127-1)
2018-03-01 00:00:00