CVE-2017-12867

Опубликовано: 29 авг. 2017

Источник: debian

Описание

The SimpleSAML_Auth_TimeLimitedToken class in SimpleSAMLphp 1.14.14 and earlier allows attackers with access to a secret token to extend its validity period by manipulating the prepended time offset.

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
simplesamlphp	fixed	1.14.15-1		package

Примечания

https://simplesamlphp.org/security/201708-01
Patch: https://github.com/simplesamlphp/simplesamlphp/commit/608f24c2d5afd70c2af050785d2b12f878b33c68

Связанные уязвимости

CVE-2017-12867

CVSS3: 5.9

ubuntu

больше 8 лет назад

The SimpleSAML_Auth_TimeLimitedToken class in SimpleSAMLphp 1.14.14 and earlier allows attackers with access to a secret token to extend its validity period by manipulating the prepended time offset.

CVE-2017-12867

CVSS3: 5.9

nvd

больше 8 лет назад

The SimpleSAML_Auth_TimeLimitedToken class in SimpleSAMLphp 1.14.14 and earlier allows attackers with access to a secret token to extend its validity period by manipulating the prepended time offset.

GHSA-597c-mh7m-48v7

CVSS3: 5.9

github

больше 3 лет назад

SimpleSAMLphp Invalid token creation and validation