← back
CVE-2017-12873

CVE-2017-12873

EPSS 1.7%
SimpleSAMLphp 1.7.0 through 1.14.10 might allow attackers to obtain sensitive information, gain unauthorized access, or have unspecified other impacts by leveraging incorrect persistent NameID generation when an Identity Provider (IdP) is misconfigured.
Affected products
n/a · n/a

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://github.com/simplesamlphp/simplesamlphp/commit/90dca835158495b173808273e7df127303b8b953https://lists.debian.org/debian-lts-announce/2017/12/msg00007.htmlhttps://simplesamlphp.org/security/201612-04https://www.debian.org/security/2018/dsa-4127