Name of the Vulnerable Software and Affected Versions: php-saml toolkit (affected versions not specified)

Description: The issue arises from the implicit conversion of numerical values to boolean in PHP, which can lead to an error state being treated as a successful signature verification. Specifically, the openssl verify() function returns -1 in case of an error, but this is converted to true when implicitly converted to a boolean. The LogoutRequest/LogoutResponse signature validator is affected, treating an error during signature verification as a successful verification. The impact is lower since the signature validation of SAMLResponses is not affected.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.