The SimpleSAML_Auth_TimeLimitedToken class in SimpleSAMLphp 1.14.14 and earlier allows attackers with access to a secret token to extend its validity period by manipulating the prepended time offset.
| Package (Ecosystem) | Introduced | Fixed | Limit |
|---|---|---|---|
| simplesamlphp/simplesamlphp(Packagist) | 1.14.0 | 1.14.15 | N/A |
CVSS Metrics
