CVE-2017-12870CVE-2017-12870

Affected configuration(s):

cpe:/a:simplesamlphp:simplesamlphp:1.14.12

Date published: 2017-09-01T09:29:00.333-04:00

Date last modified: 2017-09-05T21:35:44.217-04:00

CVSS Score: 4.3

Principal attack vector: NETWORK

Complexity:  MEDIUM

Reference URL: https://simplesamlphp.org/security/201704-01

Summary: SimpleSAMLphp 1.14.12 and earlier make it easier for man-in-the-middle attackers to obtain sensitive information by leveraging use of the aesEncrypt and aesDecrypt methods in the SimpleSAML/Utils/Crypto class to protect session identifiers in replies to non-HTTPS service providers.

CategoriesUncategorised

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.