CVE-2016-9814: Incorrect signature verification

February 16, 2017 (updated March 3, 2018)

An incorrect check of return values in the signature validation utilities allows an attacker to get invalid signatures accepted as valid by forcing an error during validation.

References

github.com/simplesamlphp/saml2/commit/7008b0916426212c1cc2fc238b38ab9ebff0748c
github.com/simplesamlphp/saml2/pull/81
simplesamlphp.org/security/201612-01

Code Behaviors & Features

Detect and mitigate CVE-2016-9814 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →