PT-2012-5440 · Shibboleth · Shibboleth Authentication Module

Joshua Brauer · Published 2012-10-31 · Updated 2012-11-02 · CVE-2012-4494

CVSS v2.0: 4.3 (Medium)

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions

Shibboleth authentication module versions 7.x-4.0

Description

The issue arises from the Shibboleth authentication module's failure to properly check the active status of users. This allows remote blocked users to bypass intended access restrictions and possibly have other impacts by logging in.

Recommendations

For version 7.x-4.0, update to a newer version that properly checks the active status of users to prevent blocked users from accessing the system.

Fix


Weakness Enumeration

Related Identifiers

CVE-2012-4494

Affected Products

Shibboleth Authentication Module