← volver
CVE-2017-12873

CVE-2017-12873

EPSS 1.7%
SimpleSAMLphp 1.7.0 through 1.14.10 might allow attackers to obtain sensitive information, gain unauthorized access, or have unspecified other impacts by leveraging incorrect persistent NameID generation when an Identity Provider (IdP) is misconfigured.
Productos afectados
n/a · n/a

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://github.com/simplesamlphp/simplesamlphp/commit/90dca835158495b173808273e7df127303b8b953https://lists.debian.org/debian-lts-announce/2017/12/msg00007.htmlhttps://simplesamlphp.org/security/201612-04https://www.debian.org/security/2018/dsa-4127