Vulnerability Details CVE-2017-12868
The secureCompare method in lib/SimpleSAML/Utils/Crypto.php in SimpleSAMLphp 1.14.13 and earlier, when used with PHP before 5.6, allows attackers to conduct session fixation attacks or possibly bypass authentication by leveraging missing character conversions before an XOR operation.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.021
EPSS Ranking 79.7%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 7.5