CVE-2017-18122

Published: 02 February 2018

A signature-validation bypass issue was discovered in SimpleSAMLphp through 1.14.16. A SimpleSAMLphp Service Provider using SAML 1.1 will regard as valid any unsigned SAML response containing more than one signed assertion, provided that the signature of at least one of the assertions is valid. Attributes contained in all the assertions received will be merged and the entityID of the first assertion received will be used, allowing an attacker to impersonate any user of any IdP given an assertion signed by the targeted IdP.

Priority

Medium

CVSS 3 base score: 8.1

Status

Package Release Status
simplesamlphp
Launchpad, Ubuntu, Debian
Upstream
Released (1.15.0-1)
Ubuntu 20.10 (Groovy Gorilla) Not vulnerable
(1.15.2-1)
Ubuntu 20.04 LTS (Focal Fossa) Not vulnerable
(1.15.2-1)
Ubuntu 18.04 LTS (Bionic Beaver) Not vulnerable
(1.15.2-1)
Ubuntu 16.04 LTS (Xenial Xerus) Needed

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was needed)