← voltar
CVE-2017-12868

CVE-2017-12868

EPSS 2.1%
The secureCompare method in lib/SimpleSAML/Utils/Crypto.php in SimpleSAMLphp 1.14.13 and earlier, when used with PHP before 5.6, allows attackers to conduct session fixation attacks or possibly bypass authentication by leveraging missing character conversions before an XOR operation.
Produtos afetados
n/a · n/a

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://github.com/simplesamlphp/simplesamlphp/commit/4bc629658e7b7d17c9ac3fe0da7dc5df71f1b85ehttps://lists.debian.org/debian-lts-announce/2017/12/msg00007.htmlhttps://lists.debian.org/debian-lts-announce/2018/06/msg00017.htmlhttps://simplesamlphp.org/security/201705-01