
CVE-2016-9955: Incorrect signature verification in SimpleSAMLphp

CVSS Score: 6.3 (CVSS 3.0)

Basic Information

EPSS Score: 0.60519%
Published: 1/24/2020
Updated: 2/7/2024
KEV Status: No
Technology: PHP

Technical Details

CVSS Vector: CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:H

Package Name: simplesamlphp/simplesamlphp
Ecosystem: composer
Vulnerable Versions: < 1.14.11
First Patched Version: 1.14.11

Vulnerability Intelligence

Root Cause Analysis

The vulnerability stems from improper handling of the openssl_verify() return value in the signature validation flow. openssl_verify() returns 1 for a valid signature, 0 for an invalid one and -1 on error, and the verify() method that the SimpleSAML_XML_Validator constructor calls passes that value through unchanged. The constructor only checks the result as a boolean; since PHP converts -1 to true, a verification error is indistinguishable from a successful validation. An attacker who can force an error during validation therefore gets an invalid signature accepted, which is why the constructor's validation logic is unsafe in every version before 1.14.11.
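The following is an added example, not code from SimpleSAMLphp or xmlseclibs. It reproduces the class of bug described above with a real openssl_sign()/openssl_verify() round trip: a genuine signature, a tampered assertion, and an error case (an unusable public key), each fed first to a boolean check of the kind the vulnerable constructor used and then to a strict `=== 1` check. The key pair, assertion text and function names (verifyData, vulnerableValidate, strictValidate) are constructed for the demonstration; the assumption that PHP reports an unusable key as `false` (which the wrapper normalises to -1) is marked in the comments.

```php
<?php
declare(strict_types=1);

// Added example (not SimpleSAMLphp or xmlseclibs code). openssl_verify() returns
// 1 (valid), 0 (invalid) or -1 (error); a boolean check treats -1 as success.

// Stands in for the xmlseclibs verify path, which returns openssl_verify()'s
// result unchanged. Assumption: an unusable key makes PHP emit a warning and
// return false, so both false and -1 are normalised to -1 here.
function verifyData(string $data, string $signature, $publicKey): int
{
    $r = @openssl_verify($data, $signature, $publicKey, OPENSSL_ALGO_SHA256);
    return ($r === false || $r === -1) ? -1 : $r;
}

// Pattern of the vulnerable versions: throws only when verify() returns 0.
function vulnerableValidate(int $result): bool
{
    if (!$result) {              // -1 is truthy, so !(-1) is false: no exception
        throw new Exception('Unable to validate Signature');
    }
    return true;
}

// Hardened pattern: only the exact success value 1 is accepted.
function strictValidate(int $result): bool
{
    if ($result !== 1) {
        throw new Exception('Unable to validate Signature (openssl_verify returned ' . $result . ')');
    }
    return true;
}

function outcome(callable $validator, int $result): string
{
    try {
        $validator($result);
        return 'ACCEPTED';
    } catch (Exception $e) {
        return 'REJECTED';
    }
}

// Constructed key pair and assertion; nothing here comes from a real deployment.
$key = openssl_pkey_new(['private_key_type' => OPENSSL_KEYTYPE_RSA, 'private_key_bits' => 2048]);
$publicKey = openssl_pkey_get_details($key)['key'];
$assertion = '<saml:Assertion ID="_constructed">...</saml:Assertion>';
openssl_sign($assertion, $signature, $key, OPENSSL_ALGO_SHA256);

$cases = [
    'genuine signature'          => verifyData($assertion, $signature, $publicKey),
    'tampered assertion'         => verifyData($assertion . ' ', $signature, $publicKey),
    'error: unusable public key' => verifyData($assertion, $signature, 'not a PEM key'),
];

foreach ($cases as $label => $result) {
    printf("%-28s openssl_verify=%2d  vulnerable:%s  strict:%s\n",
        $label, $result, outcome('vulnerableValidate', $result), outcome('strictValidate', $result));
}
```

The first two cases behave the same under both checks; the third is the one that matters: the boolean check accepts the error result, the strict check rejects it. Run with `php` on a build that has the openssl extension enabled.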


WAF Protection Rules

WAF Rule

### Background

An incorrect check of return values in the signature validation utilities allows an attacker to get invalid signatures accepted as valid by forcing an error during validation.

### Description

The `SimpleSAML_XML_Validator` class allow
