CVE-2017-18122
First published: Wed Oct 25 2017(Updated: )
A signature-validation bypass issue was discovered in SimpleSAMLphp through 1.14.16. A SimpleSAMLphp Service Provider using SAML 1.1 will regard as valid any unsigned SAML response containing more than one signed assertion, provided that the signature of at least one of the assertions is valid. Attributes contained in all the assertions received will be merged and the entityID of the first assertion received will be used, allowing an attacker to impersonate any user of any IdP given an assertion signed by the targeted IdP.
Credit: cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| composer/simplesamlphp/simplesamlphp | <1.14.17 | |
| debian/simplesamlphp | 1.16.3-1+deb10u2 1.16.3-1+deb10u1 1.19.0-1 1.19.7-1 | |
| composer/simplesamlphp/simplesamlphp | <1.14.17 | 1.14.17 |
| SimpleSAMLphp | <=1.14.16 | |
| Debian GNU/Linux | =7.0 | |
| Debian GNU/Linux | =8.0 | |
| Debian GNU/Linux | =9.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://simplesamlphp.org/security/201710-01
- https://lists.debian.org/debian-lts-announce/2018/02/msg00008.html
- https://www.debian.org/security/2018/dsa-4127
- https://github.com/simplesamlphp/simplesamlphp/commit/e2d53086abbb253efb24ddcb49b116246eb0b6ca
- https://security-tracker.debian.org/tracker/CVE-2017-18122
- https://nvd.nist.gov/vuln/detail/CVE-2017-18122
- https://github.com/FriendsOfPHP/security-advisories/blob/master/simplesamlphp/simplesamlphp/CVE-2017-18122.yaml
- https://github.com/advisories/GHSA-j4qf-3w33-8cgc (Advisory)
Frequently Asked Questions
What is the severity of CVE-2017-18122?
CVE-2017-18122 has been rated as a moderate severity vulnerability due to the potential for unauthorized access to sensitive information.
How do I fix CVE-2017-18122?
To fix CVE-2017-18122, upgrade SimpleSAMLphp to version 1.14.17 or later.
Which versions of SimpleSAMLphp are affected by CVE-2017-18122?
Versions of SimpleSAMLphp prior to 1.14.17 are affected by CVE-2017-18122.
Does CVE-2017-18122 affect only SimpleSAMLphp Service Providers using SAML 1.1?
Yes, CVE-2017-18122 specifically affects SimpleSAMLphp Service Providers that utilize SAML 1.1.
What kind of issue is addressed by CVE-2017-18122?
CVE-2017-18122 addresses a signature-validation bypass issue that can compromise the integrity of SAML responses.
- collector/friends-of-php
- collector/security-tracker-debian
- agent/type
- agent/first-publish-date
- collector/github-advisory-latest
- source/GitHub
- alias/GHSA-j4qf-3w33-8cgc
- alias/CVE-2017-18122
- agent/software-canonical-lookup
- agent/references
- agent/severity
- agent/weakness
- agent/remedy
- agent/description
- agent/author
- collector/github-advisory
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/event
- agent/trending
- agent/source
- collector/nvd-cve
- source/NVD
- agent/software-canonical-lookup-request
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- package-manager/composer
- package-manager/debian
- vendor/simplesamlphp
- canonical/simplesamlphp
- version/simplesamlphp/1.14.16
- vendor/debian
- canonical/debian gnu/linux
- version/debian gnu/linux/7.0
- version/debian gnu/linux/8.0
- version/debian gnu/linux/9.0