8.1

CVSS Score

3.0

Basic Information

CVE ID

CVE-2017-18122

GHSA ID

GHSA-j4qf-3w33-8cgc

EPSS Score

0.54852%

CWE

CWE-347

Published

5/14/2022

Updated

4/25/2024

KEV Status

Technology

PHP

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2017-18122

CVE-2017-18122: SimpleSAMLphp Signature validation bypass

A signature-validation bypass issue was discovered in SimpleSAMLphp through 1.14.16. A SimpleSAMLphp Service Provider using SAML 1.1 will regard as valid any unsigned SAML response containing more than one signed assertion, provided that the signature of at least one of the assertions is valid. Attributes contained in all the assertions received will be merged and the entityID of the first assertion received will be used, allowing an attacker to impersonate any user of any IdP given an assertion signed by the targeted IdP.

(GitHub Advisory)

8.1

CVSS Score

3.0

Basic Information

CVE ID

CVE-2017-18122

GHSA ID

GHSA-j4qf-3w33-8cgc

EPSS Score

0.54852%

CWE

CWE-347

Published

5/14/2022

Updated

4/25/2024

KEV Status

Technology

PHP

Technical Details

CVSS Vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
simplesamlphp/simplesamlphp	composer	< 1.14.17	1.14.17

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability stems from a non-strict in_array() comparison in the isNodeValidated method. PHP's default loose comparison would return true when checking any DOM node against an array containing at least one node (due to object comparison by reference). The patch adds strict comparison (third parameter 'true'), confirming the root cause was improper node validation. This function is directly responsible for checking if assertions were properly signed during SAML processing.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

* si*n*tur*-v*li**tion *yp*ss issu* w*s *is*ov*r** in Simpl*S*MLp*p t*rou** *.**.**. * Simpl*S*MLp*p S*rvi** Provi**r usin* S*ML *.* will r***r* *s v*li* *ny unsi*n** S*ML r*spons* *ont*inin* mor* t**n on* si*n** *ss*rtion, provi*** t**t t** si*n*tur

Reasoning

T** vuln*r**ility st*ms *rom * non-stri*t `in_*rr*y()` *omp*rison in t** `isNo**V*li**t**` m*t*o*. P*P's ****ult loos* *omp*rison woul* r*turn tru* w**n ****kin* *ny *OM no** ***inst *n *rr*y *ont*inin* *t l**st on* no** (*u* to o*j**t *omp*rison *y

8.1

Basic Information

Concerned about an active attack path?

CVE-2017-18122: SimpleSAMLphp Signature validation bypass

8.1

Basic Information

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability Intelligence
Miggo AI