CVE-2017-18122

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2017-18122
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-18122.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2017-18122
Aliases
Downstream
Published
2018-02-02T15:29:00Z
Modified
2025-10-21T02:36:16Z
Severity
  • 8.1 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

A signature-validation bypass issue was discovered in SimpleSAMLphp through 1.14.16. A SimpleSAMLphp Service Provider using SAML 1.1 will regard as valid any unsigned SAML response containing more than one signed assertion, provided that the signature of at least one of the assertions is valid. Attributes contained in all the assertions received will be merged and the entityID of the first assertion received will be used, allowing an attacker to impersonate any user of any IdP given an assertion signed by the targeted IdP.

References

Affected packages

Git / github.com/simplesamlphp/simplesamlphp

Affected ranges

Type
GIT
Repo
https://github.com/simplesamlphp/simplesamlphp
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
9ebbbbc7fa334d55526c2a5e230d9941002cdcb8