simplesamlphp is vulnerable to padding oracle attacks. The library does not authenticate the ciphertext, allowing a malicious user listening in on the network to conduct a padding oracle attack to recover the identifier and try impersonating the user.