CVE-2009-4527

Name of the Vulnerable Software and Affected Versions Shibboleth authentication module versions 5.x before 5.x-3.4 Shibboleth authentication module versions 6.x before 6.x-3.2

Description The issue arises from the improper removal of statically granted privileges after a user logs out or experiences a session change. This allows an attacker with physical access to gain privileges by utilizing an unattended web browser.

Recommendations For Shibboleth authentication module versions 5.x before 5.x-3.4, update to version 5.x-3.4 or later. For Shibboleth authentication module versions 6.x before 6.x-3.2, update to version 6.x-3.2 or later.