Package impact
Packagist / simplesamlphp/simplesamlphp
| CVE | Severity | CVSS | Risk | Published | Description | Impact |
|---|---|---|---|---|---|---|
| CVE-2017-12873 | critical | 9.8 | 9.8 | 9y ago | SimpleSAMLphp 1.7.0 through 1.14.10 might allow attackers to obtain sensitive information, gain unauthorized access, or have unspecified other impacts by leveraging incorrect persistent NameID genera… | |
| CVE-2017-12868 | critical | 9.8 | 9.8 | 9y ago | The secureCompare method in lib/SimpleSAML/Utils/Crypto.php in SimpleSAMLphp 1.14.13 and earlier, when used with PHP before 5.6, allows attackers to conduct session fixation attacks or possibly bypas… | |
| CVE-2017-12869 | high | 7.5 | 7.5 | 9y ago | The multiauth module in SimpleSAMLphp 1.14.13 and earlier allows remote attackers to bypass authentication context restrictions and use an authentication source defined in config/authsources.php via … |