Incorrect Persistent NameID Generation in SimpleSAMLphp 1.7.0 through 1.14.10

Incorrect Persistent NameID Generation in SimpleSAMLphp 1.7.0 through 1.14.10

CVE-2017-12873 · HIGH Severity

AV:N/AC:L/AU:N/C:P/I:P/A:P

SimpleSAMLphp 1.7.0 through 1.14.10 might allow attackers to obtain sensitive information, gain unauthorized access, or have unspecified other impacts by leveraging incorrect persistent NameID generation when an Identity Provider (IdP) is misconfigured.

Learn more about our Web Application Penetration Testing UK.