oss-sec mailing list archives
Re: CVE Request: SimpleSAMLphp: SSPSA 201612-01: Incorrect signature verification
From: <cve-assign () mitre org>
Date: Sun, 4 Dec 2016 22:24:21 -0500
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
https://simplesamlphp.org/security/201612-01 https://github.com/simplesamlphp/saml2/pull/81 https://github.com/simplesamlphp/saml2/commit/7008b0916426212c1cc2fc238b38ab9ebff0748c
convert an error state, signaled by the value -1, to a successful verification of the signature (represented by the boolean true)
an error during signature verification is treated as a successful verification
Use CVE-2016-9814. - -- CVE Assignment Team M/S M300, 202 Burlington Road, Bedford, MA 01730 USA [ A PGP key is available for encrypted communications at http://cve.mitre.org/cve/request_id.html ] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCAAGBQJYRNj2AAoJEHb/MwWLVhi2LPoQAIka//ctCZOUgkIQaf0t5UYI hgd2XPcl6LHfOzJA+hvmERO4uxgceqNQ8nhZxkIsWs8tA/eibpHBpz2UebkcKt6r 3IRwP3Xo3NBVpHXYcL6snoDJ6eYipeQeVwEVnoudxIFrzXcHL7YJNpXbRDUA/n44 hoDlc2OZyeMzPWU+fvLXuyi/ylm2AOUJIbb9icONyhdKKyQiI61oInhbGCG47qi0 lhUUQMyTHgTlRtYGSUyJWzRo0u5OIJaS+XAgUPhWK670kTJ8ZEhVcKJNRrLiRxu6 1SHna5o26O6LHTIyJMhKcOfMYpWCUnHhqBTn+IwBalumYJucBW3k9MIBn3M0Odtp s8mcPQ4NX70uLCEh7+alOF4Pi7tUI6N+KvFX5IUsbBhVW0afpSgl9B5BsLmEmDKT M+szOjUQ1AaNfptqpDTWSSpusK9assQ+2g5warmw6ndPvhcjx4/1KmpInI0kCMQ3 9nZ/blvuMPd9QkiuD9YKG1qOnAO1qK7IdWKDwmVvZqweuawfJgoUknHd4a5tduaJ REMTO+CPkk2th2dEAi9/yZywzCExOw2Am5qOIwiv6tei0GFmwRHrauglQQDE4NP8 rU49wxNYW1UOP6Yd4d2rZHiJQBhvkByhPSIWJWxggnl4cTLL5sKxSdFLech1bWuv 6ZF1/SgEqZUECFXhsUlY =NZRo -----END PGP SIGNATURE-----
Current thread:
- CVE Request: SimpleSAMLphp: SSPSA 201612-01: Incorrect signature verification Salvatore Bonaccorso (Dec 03)
- Re: CVE Request: SimpleSAMLphp: SSPSA 201612-01: Incorrect signature verification cve-assign (Dec 04)