CVE-2011-4625: simpleSAMLphp incorrectly handles XML encryption

CVSS Score: 7.5 (CVSS v3.1)

Basic Information

EPSS Score: 0.50523%
Published: 4/22/2022
Updated: 1/12/2024
KEV Status: No
Technology: PHP

Technical Details

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Package Name: simplesamlphp/simplesamlphp
Ecosystem: composer
Vulnerable Versions: < 1.8.1
First Patched Version: 1.8.1

Vulnerability Intelligence

Miggo AI Root Cause Analysis

The vulnerability (CWE-755) stems from improper error handling during XML encryption operations. The decryption functions likely:

  1. Leaked timing/padding information through error responses (Crypto::aesDecrypt)
  2. Failed to securely handle decryption exceptions (SAML2\Utils::decryptElement)
  3. Didn't properly validate encryption context during assertion processing (Message::processAssertion)

These would allow:

  • Decryption oracle attacks via error message analysis
  • Key oracle attacks through repeated malformed requests
  • Message forgery by exploiting weak encryption validation

While exact pre-patch code isn't available, the vulnerability pattern matches these critical encryption handling functions in the SAML flow.
