Skip to main content

Simplesamlphp CVE-2018-6521

CRITICAL
2018-02-02 cve@mitre.org
9.8
CVSS 3.0 · NVD
Share

Severity by source

NVD PRIMARY
9.8 CRITICAL
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
Feb 02, 2018 - 01:29 nvd
CRITICAL 9.8

DescriptionNVD

The sqlauth module in SimpleSAMLphp before 1.15.2 relies on the MySQL utf8 charset, which truncates queries upon encountering four-byte characters. There might be a scenario in which this allows remote attackers to bypass intended access restrictions.

AnalysisAI

The sqlauth module in SimpleSAMLphp before 1.15.2 relies on the MySQL utf8 charset, which truncates queries upon encountering four-byte characters. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Technical ContextAI

The sqlauth module in SimpleSAMLphp before 1.15.2 relies on the MySQL utf8 charset, which truncates queries upon encountering four-byte characters. There might be a scenario in which this allows remote attackers to bypass intended access restrictions. Affected products include: Simplesamlphp, Debian Debian Linux. Version information: before 1.15.2.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2017-12868 CRITICAL
9.8 Sep 01

The secureCompare method in lib/SimpleSAML/Utils/Crypto.php in SimpleSAMLphp 1.14.13 and earlier, when used with PHP bef

CVE-2017-12873 CRITICAL
9.8 Sep 01

SimpleSAMLphp 1.7.0 through 1.14.10 might allow attackers to obtain sensitive information, gain unauthorized access, or

CVE-2016-9814 CRITICAL
9.1 Feb 17

The validateSignature method in the SAML2\Utils class in SimpleSAMLphp before 1.14.10 and simplesamlphp/saml2 library be

CVE-2019-3465 HIGH
8.8 Nov 07

Rob Richards XmlSecLibs, all versions prior to v3.0.3, as used for example by SimpleSAMLphp, performed incorrect validat

CVE-2018-7711 HIGH
8.1 Mar 05

HTTPRedirect.php in the saml2 library in SimpleSAMLphp before 1.15.4 has an incorrect check of return values in the sign

CVE-2017-12869 HIGH
7.5 Sep 01

The multiauth module in SimpleSAMLphp 1.14.13 and earlier allows remote attackers to bypass authentication context restr

CVE-2018-7644 HIGH
7.5 Mar 05

The XmlSecLibs library as used in the saml2 library in SimpleSAMLphp before 1.15.3 incorrectly verifies signatures on SA

CVE-2016-9955 MEDIUM
6.3 Feb 17

The SimpleSAML_XML_Validator class constructor in SimpleSAMLphp before 1.14.11 might allow remote attackers to spoof sig

CVE-2018-6520 MEDIUM
6.1 Feb 02

SimpleSAMLphp before 1.15.2 allows remote attackers to bypass an open redirect protection mechanism via crafted authorit

CVE-2017-12872 MEDIUM
5.9 Sep 01

The (1) Htpasswd authentication source in the authcrypt module and (2) SimpleSAML_Session class in SimpleSAMLphp 1.14.11

CVE-2017-12870 MEDIUM
5.9 Sep 01

SimpleSAMLphp 1.14.12 and earlier make it easier for man-in-the-middle attackers to obtain sensitive information by leve

CVE-2017-12867 MEDIUM
5.9 Aug 29

The SimpleSAML_Auth_TimeLimitedToken class in SimpleSAMLphp 1.14.14 and earlier allows attackers with access to a secret

Share

CVE-2018-6521 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy