PT-2017-12743 · Simplesamlphp · Simplesamlphp

Jaimeperez · Published 2017-09-01 · Updated 2020-01-24 · CVE-2017-12873

CVSS v3.1: 9.8 Critical
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions
SimpleSAMLphp versions 1.7.0 through 1.14.10

Description
The issue arises when a SimpleSAMLphp Identity Provider is misconfigured, leading to incorrect persistent NameID generation. This can cause different users to receive the same identifier, potentially allowing attackers to obtain sensitive information or gain unauthorized access. The problem occurs when the SimpleSAML_Auth_ProcessingChain class attempts to keep a unique user identifier in the state array, but fails due to missing or empty attributes. As a result, all users connecting to a given service provider may receive the same NameID, which can be used to identify users across sessions. Some service providers have already observed cases where this issue has led to security problems.

Recommendations
Upgrade to the latest version. Configure a saml:PersistentNameID authentication processing filter according to your needs, ensuring the attribute used as the source for the NameID is present, unique per user, and does not change over time.
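
The conditions in the recommendation can be checked against a directory export before an attribute is chosen as the NameID source. The following is an added example, not SimpleSAMLphp code or part of this advisory; the hashing function is a simplified model of a persistent NameID, and the attribute names and user records are constructed.

```python
import hashlib
from collections import defaultdict

def first_value(attributes, name):
    """Return the single non-empty value of `name`, or None if unusable."""
    values = attributes.get(name) or []
    if len(values) != 1 or not str(values[0]).strip():
        return None
    return str(values[0])

def persistent_name_id(salt, idp, sp, user_id):
    """Simplified model: one-way hash over salt, IdP, SP and user identifier.
    Refuses to derive an identifier from a missing or empty source value."""
    if not user_id:
        raise ValueError("NameID source attribute missing or empty")
    digest = hashlib.sha256()
    for part in (salt, idp, sp, user_id):
        raw = part.encode("utf-8")
        digest.update(len(raw).to_bytes(4, "big") + raw)  # length-prefix each field
    return digest.hexdigest()

def audit_source_attribute(users, name):
    """Check the recommendation's conditions over a directory export:
    attribute present (single, non-empty) and unique per user."""
    unusable, owners = [], defaultdict(list)
    for login, attributes in users.items():
        value = first_value(attributes, name)
        if value is None:
            unusable.append(login)
        else:
            owners[value].append(login)
    shared = {v: sorted(l) for v, l in owners.items() if len(l) > 1}
    return {"unusable": sorted(unusable), "shared": shared}

# Constructed sample data, not taken from any real deployment.
USERS = {
    "alice": {"uid": ["alice"], "employeeNumber": ["1001"]},
    "bob":   {"uid": ["bob"],   "employeeNumber": [""]},      # empty value
    "carol": {"uid": ["carol"]},                               # attribute absent
    "dave":  {"uid": ["dave"],  "employeeNumber": ["1001"]},  # reused value
}

if __name__ == "__main__":
    print(audit_source_attribute(USERS, "employeeNumber"))
    print(audit_source_attribute(USERS, "uid"))
```

Any login listed under `unusable` or `shared` would not get a NameID of its own from that attribute. Stability over time cannot be read from a single export and has to be confirmed separately.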

Session Fixation

Weakness Enumeration

Related Identifiers

CVE-2017-12873
DLA-1205-1
DSA-4127-1
GHSA-GP2M-7CFP-H6GF

Affected Products

Simplesamlphp