CVE-2017-12868

CVE-2017-12868

The secureCompare method in lib/SimpleSAML/Utils/Crypto.php in SimpleSAMLphp 1.14.13 and earlier, when used with PHP before 5.6, allows attackers to conduct session fixation attacks or possibly bypass authentication by leveraging missing character conversions before an XOR operation.

Source: CVE-2017-12868

답글 남기기

이메일 주소는 공개되지 않습니다. 필수 필드는 *로 표시됩니다