The SimpleSAMLAuthTimeLimitedToken class in SimpleSAMLphp 1.14.14 and earlier allows attackers with access to a secret token to extend its validity period by manipulating the prepended time offset.
{ "availability": "No subscription required", "binaries": [ { "binary_name": "simplesamlphp", "binary_version": "1.14.15-1" } ] }