EPSS percentile: 72.4%
SimpleSAML is vulnerable to session fixation attacks. The secureCompare() method in lib/SimpleSAML/Utils/Crypto.php incorrectly converts the individual bytes of both strings to integers before XORing them.
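The class of bug described above, as an added illustration (this is not SimpleSAMLphp's code). The function names flawedCompare and byteCompare and the sample strings are hypothetical, and the cast shown is an assumed way of getting the integer conversion wrong, set beside a byte-accurate comparison and PHP's built-in hash_equals():

```php
<?php
// Added illustration; function names and sample values are hypothetical.

// Flawed pattern: each byte is cast to int before the XOR. PHP's (int) cast
// parses the character as a decimal number, so every non-digit byte becomes 0
// and differing non-digit bytes contribute nothing to $diff.
function flawedCompare(string $known, string $user): bool
{
    $len = strlen($known);
    if ($len !== strlen($user)) {
        return false;
    }
    $diff = 0;
    for ($i = 0; $i < $len; $i++) {
        $diff |= (int)$known[$i] ^ (int)$user[$i];
    }
    return $diff === 0;
}

// Byte-accurate pattern: ord() yields the byte value (0-255), so any
// differing byte sets at least one bit in $diff.
function byteCompare(string $known, string $user): bool
{
    $len = strlen($known);
    if ($len !== strlen($user)) {
        return false;
    }
    $diff = 0;
    for ($i = 0; $i < $len; $i++) {
        $diff |= ord($known[$i]) ^ ord($user[$i]);
    }
    return $diff === 0;
}

// Constructed sample values: same length, no digits, every byte different.
$expected = 'abcdefabcdef';
$supplied = 'zzzzzzzzzzzz';

var_dump(flawedCompare($expected, $supplied)); // flawed comparison
var_dump(byteCompare($expected, $supplied));   // byte-accurate comparison
var_dump(hash_equals($expected, $supplied));   // built-in, PHP 5.6 and later
```

A regression test for a comparison helper like this should include unequal inputs that contain no digits, since digit-only test vectors do not exercise the faulty cast.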
github.com/simplesamlphp/simplesamlphp/commit/4bc629658e7b7d17c9ac3fe0da7dc5df71f1b85e
simplesamlphp.org/security/201705-01