Vulnerabilities > Simplesamlphp > Simplesamlphp > 1.14.13
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2017-09-01 | CVE-2017-12869 | Improper Input Validation vulnerability in multiple products The multiauth module in SimpleSAMLphp 1.14.13 and earlier allows remote attackers to bypass authentication context restrictions and use an authentication source defined in config/authsources.php via vectors related to improper validation of user input. | 5.0 |
2017-09-01 | CVE-2017-12868 | Session Fixation vulnerability in Simplesamlphp The secureCompare method in lib/SimpleSAML/Utils/Crypto.php in SimpleSAMLphp 1.14.13 and earlier, when used with PHP before 5.6, allows attackers to conduct session fixation attacks or possibly bypass authentication by leveraging missing character conversions before an XOR operation. | 7.5 |
2017-08-29 | CVE-2017-12867 | Insufficient Session Expiration vulnerability in Simplesamlphp The SimpleSAML_Auth_TimeLimitedToken class in SimpleSAMLphp 1.14.14 and earlier allows attackers with access to a secret token to extend its validity period by manipulating the prepended time offset. | 4.3 |