Simplesamlphp
CVE-2017-12870
MEDIUM
Severity by source
AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Lifecycle Timeline
1DescriptionCVE.org
SimpleSAMLphp 1.14.12 and earlier make it easier for man-in-the-middle attackers to obtain sensitive information by leveraging use of the aesEncrypt and aesDecrypt methods in the SimpleSAML/Utils/Crypto class to protect session identifiers in replies to non-HTTPS service providers.
AnalysisAI
SimpleSAMLphp 1.14.12 and earlier make it easier for man-in-the-middle attackers to obtain sensitive information by leveraging use of the aesEncrypt and aesDecrypt methods in the. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.
Technical ContextAI
This vulnerability is classified as Exposure of Sensitive Information (CWE-200), which allows attackers to access sensitive data that should not be disclosed. SimpleSAMLphp 1.14.12 and earlier make it easier for man-in-the-middle attackers to obtain sensitive information by leveraging use of the aesEncrypt and aesDecrypt methods in the SimpleSAML/Utils/Crypto class to protect session identifiers in replies to non-HTTPS service providers. Affected products include: Simplesamlphp.
RemediationAI
A vendor patch is available. Apply the latest security update as soon as possible. Minimize information in error messages, implement proper access controls, encrypt sensitive data at rest and in transit.
More in Simplesamlphp
View allThe sqlauth module in SimpleSAMLphp before 1.15.2 relies on the MySQL utf8 charset, which truncates queries upon encount
The secureCompare method in lib/SimpleSAML/Utils/Crypto.php in SimpleSAMLphp 1.14.13 and earlier, when used with PHP bef
SimpleSAMLphp 1.7.0 through 1.14.10 might allow attackers to obtain sensitive information, gain unauthorized access, or
The validateSignature method in the SAML2\Utils class in SimpleSAMLphp before 1.14.10 and simplesamlphp/saml2 library be
Rob Richards XmlSecLibs, all versions prior to v3.0.3, as used for example by SimpleSAMLphp, performed incorrect validat
HTTPRedirect.php in the saml2 library in SimpleSAMLphp before 1.15.4 has an incorrect check of return values in the sign
The multiauth module in SimpleSAMLphp 1.14.13 and earlier allows remote attackers to bypass authentication context restr
The XmlSecLibs library as used in the saml2 library in SimpleSAMLphp before 1.15.3 incorrectly verifies signatures on SA
The SimpleSAML_XML_Validator class constructor in SimpleSAMLphp before 1.14.11 might allow remote attackers to spoof sig
SimpleSAMLphp before 1.15.2 allows remote attackers to bypass an open redirect protection mechanism via crafted authorit
The (1) Htpasswd authentication source in the authcrypt module and (2) SimpleSAML_Session class in SimpleSAMLphp 1.14.11
The SimpleSAML_Auth_TimeLimitedToken class in SimpleSAMLphp 1.14.14 and earlier allows attackers with access to a secret
Same weakness CWE-200 – Information Exposure
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today