SimpleSAMLphp is vulnerable to authentication bypasses. A malicious user can pass an unsigned SAML response with multiple assertions to the application. As long as one of the assertions is valid, the application will consider the SAML response valid and grant access to the malicious user.
CPE

Name | Operator | Version |
---|---|---|
simplesamlphp/simplesamlphp | le | 1.14.16 |
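The condition described above can be flagged structurally before a response reaches the service provider. The following is an added example, not SimpleSAMLphp code: it reports an unsigned response that carries more than one assertion or any assertion without its own signature. The function name, helper names and sample documents are constructed for illustration, encrypted assertions are not handled, and the check only looks at where `ds:Signature` elements are present without verifying them.

```python
import xml.etree.ElementTree as ET

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}


def audit_response(xml_text):
    """Return structural findings for one SAML Response (hypothetical helper).

    Signature *presence* only; cryptographic verification is a separate step.
    """
    # Stdlib parser so the example runs offline; use a hardened XML parser
    # for untrusted input in production.
    root = ET.fromstring(xml_text)
    if root.tag != "{%s}Response" % NS["samlp"]:
        return ["root element is not samlp:Response"]
    findings = []
    response_signed = root.find("ds:Signature", NS) is not None
    assertions = root.findall("saml:Assertion", NS)
    unsigned = [a.get("ID", "?") for a in assertions
                if a.find("ds:Signature", NS) is None]
    if not assertions:
        findings.append("no assertions")
    if len(assertions) > 1:
        findings.append("multiple assertions (%d)" % len(assertions))
    if not response_signed and unsigned:
        findings.append("unsigned response with unsigned assertion(s): "
                        + ", ".join(unsigned))
    return findings


# Constructed sample documents; <ds:Signature/> is an empty placeholder.
def _assertion(aid, signed):
    sig = "<ds:Signature/>" if signed else ""
    return '<saml:Assertion ID="%s">%s<saml:Subject/></saml:Assertion>' % (aid, sig)


def _response(*assertions):
    head = ('<samlp:Response xmlns:samlp="%(samlp)s" xmlns:saml="%(saml)s" '
            'xmlns:ds="%(ds)s" ID="_r1">' % NS)
    return head + "".join(assertions) + "</samlp:Response>"


MIXED = _response(_assertion("_a1", True), _assertion("_a2", False))
SINGLE = _response(_assertion("_a1", True))

if __name__ == "__main__":
    print(audit_response(MIXED))
    print(audit_response(SINGLE))
```
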