QwikSec

Security Database

CVE

CWE

Training

CVE-2017-12873

Published: Sep 1, 2017

Modified: Aug 5, 2024

PUBLISHED

Description

SimpleSAMLphp 1.7.0 through 1.14.10 might allow attackers to obtain sensitive information, gain unauthorized access, or have unspecified other impacts by leveraging incorrect persistent NameID generation when an Identity Provider (IdP) is misconfigured.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://github.com/simplesamlphp/simplesamlphp/commit/90dca835158495b173808273e7df127303b8b953

x_refsource_CONFIRM

[debian-lts-announce] 20171212 [SECURITY] [DLA 1205-1] simplesamlphp security update

mailing-list

x_refsource_MLIST

https://simplesamlphp.org/security/201612-04

x_refsource_CONFIRM

vendor-advisory

x_refsource_DEBIAN

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.