{"id":"CVE-2017-12867","details":"The SimpleSAML_Auth_TimeLimitedToken class in SimpleSAMLphp 1.14.14 and earlier allows attackers with access to a secret token to extend its validity period by manipulating the prepended time offset.","aliases":["GHSA-597c-mh7m-48v7"],"modified":"2026-03-14T09:21:55.412153Z","published":"2017-08-29T15:29:00.877Z","references":[{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2017/12/msg00007.html"},{"type":"ADVISORY","url":"https://www.debian.org/security/2018/dsa-4127"},{"type":"FIX","url":"https://simplesamlphp.org/security/201708-01"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/simplesamlphp/simplesamlphp","events":[{"introduced":"0"},{"last_affected":"0329e7fd0e9f356211a002f5b7c79da4543b5efe"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"1.14.14"}]}}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-12867.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"}]}