File tree Expand file tree Collapse file tree
Expand file tree Collapse file tree Original file line number Diff line number Diff line change 1+ ---
2+ layout : default
3+ title : " SSPSA 202501-01: Signature bypass vulnerability"
4+ ---
5+
6+ <aside ><div class =" sidebar-warning right " >
7+ <h2 >Date</h2 >
8+ 11 March 2025
9+ <h2 >Affected versions</h2 >
10+
11+ <code >SimpleSAMLphp 2.3.0 - 2.3.6</code ><br />
12+ <code >SimpleSAMLphp 2.2.0 - 2.2.4</code ><br />
13+
14+ <code >Any older version</code ><br />
15+ <h2 >Severity</h2 >
16+ High - CVE 8.6
17+ </div ></aside >
18+
19+ # 202501-01
20+
21+ ** Signature bypass vulnerability**
22+
23+ ### Description
24+
25+ When passing multiple SAMLResponse-parameters, the signature would be validated on the second one instead of the first one.
26+
27+ ### Mitigation:
28+
29+ Update to the latest version of SimpleSAMLphp, or manually bump the ` simplesamlphp/saml2 ` dependency to v4.17.0
30+
31+ ### Background / details
32+
33+ The HTTPRedirect-binding didn't properly check the query-parameters.
34+ We've changed it to check for duplicate parameters and any illegal combination of parameters (i.e. both a SAMLResponse and a SAMLRequest).
35+
36+ ### Credit
37+
38+ This vulnerability was discovered and reported by ahacker1-securesaml on November 18, 2024.
39+ It is registered under CVE-2025 -27773.
You can’t perform that action at this time.
0 commit comments