Date published: 2017-09-01T09:29:00.333-04:00
Date last modified: 2017-09-05T21:35:44.217-04:00
CVSS Score: 4.3
Principal attack vector: NETWORK
Reference URL: https://simplesamlphp.org/security/201704-01
Summary: SimpleSAMLphp 1.14.12 and earlier make it easier for man-in-the-middle attackers to obtain sensitive information by leveraging use of the aesEncrypt and aesDecrypt methods in the SimpleSAML/Utils/Crypto class to protect session identifiers in replies to non-HTTPS service providers.