The SimpleSAML_Auth_TimeLimitedToken class in SimpleSAMLphp 1.14.14 and earlier allows attackers with access to a secret token to extend its validity period by manipulating the prepended time offset. External References: https://simplesamlphp.org/security/201708-01
Created php-simplesamlphp-saml2_1 tracking bugs for this issue: Affects: epel-all [bug 1488970] Affects: fedora-all [bug 1488971]