Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2017-18122

A signature-validation bypass issue was discovered in SimpleSAMLphp through 1.14.16. A SimpleSAMLphp Service Provider using SAML 1.1 will regard as valid any unsigned SAML response containing more than one signed assertion, provided that the signature of at least one of the assertions is valid. Attributes contained in all the assertions received will be merged and the entityID of the first assertion received will be used, allowing an attacker to impersonate any user of any IdP given an assertion signed by the targeted IdP.

Published

2018-02-02T15:29:00.283

Last Modified

2024-11-21T03:19:23.663

Status

Modified

Source

[email protected]

Severity

CVSSv3.0: 8.1 (HIGH)

CVSSv2 Vector

AV:N/AC:M/Au:N/C:P/I:P/A:P

Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

Exploitability Score

8.6

Impact Score

6.4

Weaknesses

Type: Primary
CWE-347

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	simplesamlphp	simplesamlphp	≤ 1.14.16	Yes
Operating System	debian	debian_linux	7.0	Yes
Operating System	debian	debian_linux	8.0	Yes
Operating System	debian	debian_linux	9.0	Yes

References

https://lists.debian.org/debian-lts-announce/2018/02/msg00008.html Mailing List, Third Party Advisory ([email protected])
https://simplesamlphp.org/security/201710-01 Patch, Vendor Advisory ([email protected])
https://www.debian.org/security/2018/dsa-4127 Third Party Advisory ([email protected])
https://lists.debian.org/debian-lts-announce/2018/02/msg00008.html Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://simplesamlphp.org/security/201710-01 Patch, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://www.debian.org/security/2018/dsa-4127 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)