CVE-2017-12868 - OpenCVE

The secureCompare method in lib/SimpleSAML/Utils/Crypto.php in SimpleSAMLphp 1.14.13 and earlier, when used with PHP before 5.6, allows attackers to conduct session fixation attacks or possibly bypass authentication by leveraging missing character conversions before an XOR operation.

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Simplesamlphp	Simplesamlphp
Php	Php

Configuration 1 [-]

AND

cpe:2.3:a:simplesamlphp:simplesamlphp:*:*:*:*:*:*:*:*

cpe:2.3:a:php:php:*:*:*:*:*:*:*:*

References

Link	Resource
https://github.com/simplesamlphp/simplesamlphp/commit/4bc629658e7b7d17c9ac3fe0da7dc5df71f1b85e	Issue Tracking Patch Third Party Advisory
https://lists.debian.org/debian-lts-announce/2017/12/msg00007.html
https://lists.debian.org/debian-lts-announce/2018/06/msg00017.html
https://simplesamlphp.org/security/201705-01	Patch Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2017-09-01T13:00:00

Updated: 2018-06-30T09:57:01

Reserved: 2017-08-15T00:00:00

Link: CVE-2017-12868

JSON object: View

NVD Information

Status : Modified

Published: 2017-09-01T13:29:00.240

Modified: 2018-07-01T01:29:01.317

Link: CVE-2017-12868

JSON object: View

Redhat Information

No data.

CWE

CWE-384

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2017-05-05T00:00:00", "descriptions": [{"lang": "en", "value": "The secureCompare method in lib/SimpleSAML/Utils/Crypto.php in SimpleSAMLphp 1.14.13 and earlier, when used with PHP before 5.6, allows attackers to conduct session fixation attacks or possibly bypass authentication by leveraging missing character conversions before an XOR operation."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-06-30T09:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://simplesamlphp.org/security/201705-01"}, {"name": "[debian-lts-announce] 20171212 [SECURITY] [DLA 1205-1] simplesamlphp security update", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.debian.org/debian-lts-announce/2017/12/msg00007.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/simplesamlphp/simplesamlphp/commit/4bc629658e7b7d17c9ac3fe0da7dc5df71f1b85e"}, {"name": "[debian-lts-announce] 20180629 [SECURITY] [DLA 1408-1] simplesamlphp security update", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.debian.org/debian-lts-announce/2018/06/msg00017.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-12868", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The secureCompare method in lib/SimpleSAML/Utils/Crypto.php in SimpleSAMLphp 1.14.13 and earlier, when used with PHP before 5.6, allows attackers to conduct session fixation attacks or possibly bypass authentication by leveraging missing character conversions before an XOR operation."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://simplesamlphp.org/security/201705-01", "refsource": "CONFIRM", "url": "https://simplesamlphp.org/security/201705-01"}, {"name": "[debian-lts-announce] 20171212 [SECURITY] [DLA 1205-1] simplesamlphp security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2017/12/msg00007.html"}, {"name": "https://github.com/simplesamlphp/simplesamlphp/commit/4bc629658e7b7d17c9ac3fe0da7dc5df71f1b85e", "refsource": "CONFIRM", "url": "https://github.com/simplesamlphp/simplesamlphp/commit/4bc629658e7b7d17c9ac3fe0da7dc5df71f1b85e"}, {"name": "[debian-lts-announce] 20180629 [SECURITY] [DLA 1408-1] simplesamlphp security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2018/06/msg00017.html"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-12868", "datePublished": "2017-09-01T13:00:00", "dateReserved": "2017-08-15T00:00:00", "dateUpdated": "2018-06-30T09:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:simplesamlphp:simplesamlphp:*:*:*:*:*:*:*:*", "matchCriteriaId": "AA1268D7-6B0D-4BE5-9916-BE2860E66710", "versionEndIncluding": "1.14.13", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*", "matchCriteriaId": "44B09073-783B-4ADE-A5B8-DA6F93DBA46F", "versionEndIncluding": "5.5.38", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "The secureCompare method in lib/SimpleSAML/Utils/Crypto.php in SimpleSAMLphp 1.14.13 and earlier, when used with PHP before 5.6, allows attackers to conduct session fixation attacks or possibly bypass authentication by leveraging missing character conversions before an XOR operation."}, {"lang": "es", "value": "El m\u00e9todo secureCompare en lib/SimpleSAML/Utils/Crypto.php en SimpleSAMLphp 1.14.13 y anteriores, al usarse con PHP en versiones anteriores a la 5.6, permite que los atacantes lleven a cabo ataques de fijaci\u00f3n de sesi\u00f3n o que, posiblemente, omitan la autenticaci\u00f3n aprovechando las conversiones de caracteres que faltan antes de una operaci\u00f3n XOR."}], "id": "CVE-2017-12868", "lastModified": "2018-07-01T01:29:01.317", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-09-01T13:29:00.240", "references": [{"source": "cve@mitre.org", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "url": "https://github.com/simplesamlphp/simplesamlphp/commit/4bc629658e7b7d17c9ac3fe0da7dc5df71f1b85e"}, {"source": "cve@mitre.org", "url": "https://lists.debian.org/debian-lts-announce/2017/12/msg00007.html"}, {"source": "cve@mitre.org", "url": "https://lists.debian.org/debian-lts-announce/2018/06/msg00017.html"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "https://simplesamlphp.org/security/201705-01"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-384"}], "source": "nvd@nist.gov", "type": "Primary"}]}