Untriaged
simplesamlphp before 1.6.3 (squeeze) and before 1.8.2 (sid) incorrectly handles …
simplesamlphp before 1.6.3 (squeeze) and before 1.8.2 (sid) incorrectly handles XML encryption which could allow remote attackers to decrypt or forge messages.
References
- https://security-tracker.debian.org/tracker/CVE-2011-4625 x_refsource_MISC
- https://www.mageni.net/1.3.6.1.4.1.25623.1.0.70545 x_refsource_MISC
- https://www.mageni.net/1.3.6.1.4.1.25623.1.0.70545 x_refsource_MISC x_transferred
- https://security-tracker.debian.org/tracker/CVE-2011-4625 x_refsource_MISC x_transferred
- https://www.mageni.net/1.3.6.1.4.1.25623.1.0.70545 x_refsource_MISC
- https://security-tracker.debian.org/tracker/CVE-2011-4625 x_refsource_MISC
- https://security-tracker.debian.org/tracker/CVE-2011-4625 x_refsource_MISC x_transferred
- https://www.mageni.net/1.3.6.1.4.1.25623.1.0.70545 x_refsource_MISC x_transferred
Affected products
simplesamlphp
- ==1.13.1-2
Matching in nixpkgs
pkgs.simplesamlphp
SimpleSAMLphp is an application written in native PHP that deals with authentication (SQL, .htpasswd, YubiKey, LDAP, PAPI, Radius)
Package maintainers
-
@thenhnn nhnn