CVE-2017-12868
Published: Sep 1, 2017
Modified: Aug 5, 2024
PUBLISHED
Description
The secureCompare method in lib/SimpleSAML/Utils/Crypto.php in SimpleSAMLphp 1.14.13 and earlier, when used with PHP before 5.6, allows attackers to conduct session fixation attacks or possibly bypass authentication by leveraging missing character conversions before an XOR operation.
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | affected n/a |
References
https://simplesamlphp.org/security/201705-01
x_refsource_CONFIRM
[debian-lts-announce] 20171212 [SECURITY] [DLA 1205-1] simplesamlphp security update
mailing-list
x_refsource_MLIST
[debian-lts-announce] 20180629 [SECURITY] [DLA 1408-1] simplesamlphp security update
mailing-list
x_refsource_MLIST