Authentication Bypass Vulnerability in SimpleSAMLphp's Multiauth Module

Authentication Bypass Vulnerability in SimpleSAMLphp's Multiauth Module

CVE-2017-12869 · MEDIUM Severity

AV:N/AC:L/AU:N/C:N/I:P/A:N

The multiauth module in SimpleSAMLphp 1.14.13 and earlier allows remote attackers to bypass authentication context restrictions and use an authentication source defined in config/authsources.php via vectors related to improper validation of user input.

Learn more about our User Device Pen Test.