Medium severity 5.9 · NVD Advisory · Published Sep 1, 2017 · Updated Jun 17, 2026
CVE-2017-12870
Description
SimpleSAMLphp 1.14.12 and earlier make it easier for man-in-the-middle attackers to obtain sensitive information by leveraging use of the aesEncrypt and aesDecrypt methods in the SimpleSAML/Utils/Crypto class to protect session identifiers in replies to non-HTTPS service providers.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| simplesamlphp/simplesamlphp (Packagist) | < 1.14.13 | 1.14.13 |
References
- simplesamlphp.org/security/201704-01 (NVD; Patch, Vendor Advisory, Web)
- github.com/advisories/GHSA-44pr-mgcp-v36r (GHSA; Advisory)
- nvd.nist.gov/vuln/detail/CVE-2017-12870 (GHSA; Advisory)
- github.com/FriendsOfPHP/security-advisories/blob/master/simplesamlphp/simplesamlphp/CVE-2017-12870.yaml (GHSA; Web)
- github.com/simplesamlphp/simplesamlphp/commit/4c939be1696bacb2b95ee11d4ebc5814a08b04c5 (GHSA; Web)