Shibboleth · Shibboleth Authentication Module · CVE-2009-4527
**Name of the Vulnerable Software and Affected Versions**
Shibboleth authentication module versions 5.x before 5.x-3.4
Shibboleth authentication module versions 6.x before 6.x-3.2
**Description**
The issue arises from the improper removal of statically granted privileges after a user logs out or experiences a session change. This allows an attacker with physical access to gain privileges by utilizing an unattended web browser.
**Recommendations**
For Shibboleth authentication module versions 5.x before 5.x-3.4, update to version 5.x-3.4 or later.
For Shibboleth authentication module versions 6.x before 6.x-3.2, update to version 6.x-3.2 or later.