The aesEncrypt method in lib/SimpleSAML/Utils/Crypto.php in SimpleSAMLphp 1.14.x through 1.14.11 makes it easier for context-dependent attackers to bypass the encryption protection mechanism by leveraging use of the first 16 bytes of the secret key as the initialization vector (IV).
2017-09-01T21:29:00.530
2025-04-20T01:37:25.860
Deferred
CVSSv3.0: 5.9 (MEDIUM)
AV:N/AC:M/Au:N/C:P/I:N/A:N
8.6
2.9
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Application | simplesamlphp | simplesamlphp | 1.14.0 | Yes |
| Application | simplesamlphp | simplesamlphp | 1.14.1 | Yes |
| Application | simplesamlphp | simplesamlphp | 1.14.2 | Yes |
| Application | simplesamlphp | simplesamlphp | 1.14.3 | Yes |
| Application | simplesamlphp | simplesamlphp | 1.14.4 | Yes |
| Application | simplesamlphp | simplesamlphp | 1.14.5 | Yes |
| Application | simplesamlphp | simplesamlphp | 1.14.6 | Yes |
| Application | simplesamlphp | simplesamlphp | 1.14.7 | Yes |
| Application | simplesamlphp | simplesamlphp | 1.14.8 | Yes |
| Application | simplesamlphp | simplesamlphp | 1.14.9 | Yes |
| Application | simplesamlphp | simplesamlphp | 1.14.10 | Yes |
| Application | simplesamlphp | simplesamlphp | 1.14.11 | Yes |