Vulnerability Description
The Shibboleth authentication module 7.x-4.0 for Drupal does not properly check the active status of users, which allows remote blocked users to access bypass intended access restrictions and possibly have other impacts by logging in.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Niif | Shibb Auth | 7.x-4.0 |
| Drupal | Drupal | - |
Related Weaknesses (CWE)
References
- http://drupal.org/node/1493244
- http://drupal.org/node/1719392Vendor Advisory
- http://drupalcode.org/project/shib_auth.git/commitdiff/2032f0a
- http://www.openwall.com/lists/oss-security/2012/10/04/6
- http://www.openwall.com/lists/oss-security/2012/10/07/1
- http://drupal.org/node/1493244
- http://drupal.org/node/1719392Vendor Advisory
- http://drupalcode.org/project/shib_auth.git/commitdiff/2032f0a
- http://www.openwall.com/lists/oss-security/2012/10/04/6
- http://www.openwall.com/lists/oss-security/2012/10/07/1
FAQ
What is CVE-2012-4494?
CVE-2012-4494 is a vulnerability with a CVSS score of 4.3 (MEDIUM). The Shibboleth authentication module 7.x-4.0 for Drupal does not properly check the active status of users, which allows remote blocked users to access bypass intended access restrictions and possibly...
How severe is CVE-2012-4494?
CVE-2012-4494 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2012-4494?
Check the references section above for vendor advisories and patch information. Affected products include: Niif Shibb Auth, Drupal Drupal.