CVE-2017-18122
Severity: HIGH
SimpleSAMLphp < 1.14.16 - Signature Validation Bypass via Multiple Signed Assertions
Title source: llmDescription
A signature-validation bypass issue was discovered in SimpleSAMLphp through 1.14.16. A SimpleSAMLphp Service Provider using SAML 1.1 will regard as valid any unsigned SAML response containing more than one signed assertion, provided that the signature of at least one of the assertions is valid. Attributes contained in all the assertions received will be merged and the entityID of the first assertion received will be used, allowing an attacker to impersonate any user of any IdP given an assertion signed by the targeted IdP.
References (3)
Core References
Mailing List, Third Party Advisory (mailing-list, x_refsource_mlist): https://lists.debian.org/debian-lts-announce/2018/02/msg00008.html
Third Party Advisory (vendor-advisory, x_refsource_debian): https://www.debian.org/security/2018/dsa-4127
Patch, Vendor Advisory (x_refsource_confirm): https://simplesamlphp.org/security/201710-01
Scores
CVSS v3: 8.1
EPSS: 0.0112
EPSS Percentile: 61.9%
Attack Vector: NETWORK
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE: CWE-347
Status: published
Products (5)
debian/debian_linux 7.0
debian/debian_linux 8.0
debian/debian_linux 9.0
simplesamlphp/simplesamlphp < 1.14.16
simplesamlphp/simplesamlphp 0 - 1.14.17 (Packagist)
Published: Feb 02, 2018
Tracked Since: Feb 18, 2026