cvedb.io
CVE-2017-18122
HIGH · CVSS 8.1
EPSS exploitation probability: 0%
Published 2018-02-02T15:29:00.283 · Last modified 2026-06-17T01:12:13.950

Summary

A signature-validation bypass issue was discovered in SimpleSAMLphp through 1.14.16. A SimpleSAMLphp Service Provider using SAML 1.1 will regard as valid any unsigned SAML response containing more than one signed assertion, provided that the signature of at least one of the assertions is valid. Attributes contained in all the assertions received will be merged and the entityID of the first assertion received will be used, allowing an attacker to impersonate any user of any IdP given an assertion signed by the targeted IdP.

Affected products

simplesamlphp — simplesamlphp

Does this affect you?

Add your gear to cvedb and we'll alert you only when simplesamlphp ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.