CVE-2017-12873
N/A
N/A
Summary
SimpleSAMLphp 1.7.0 through 1.14.10 might allow attackers to obtain sensitive information, gain unauthorized access, or have unspecified other impacts by leveraging incorrect persistent NameID generation when an Identity Provider (IdP) is misconfigured.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
ADP Enrichment
CVE Program Container
Additional References
- https://github.com/simplesamlphp/simplesamlphp/commit/90dca835158495b173808273e7df127303b8b953
- https://lists.debian.org/debian-lts-announce/2017/12/msg00007.html
- https://simplesamlphp.org/security/201612-04
- https://www.debian.org/security/2018/dsa-4127
References
- https://github.com/simplesamlphp/simplesamlphp/commit/90dca835158495b173808273e7df127303b8b953
- https://lists.debian.org/debian-lts-announce/2017/12/msg00007.html
- https://simplesamlphp.org/security/201612-04
- https://www.debian.org/security/2018/dsa-4127
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.