simplesamlphp is vulnerable to authentication bypass. When the IdP is incorrectly configured it is possible for multiple users to be assigned a null value as a NameID, allowing a malicious user to authenticate themselves to another user’s account.
CPE | Name | Operator | Version |
---|---|---|---|
simplesamlphp/simplesamlphp | le | 1.14.10 |