Drupal Shibboleth authentication Module Access Bypass Vulnerability

http://www.securityfocus.com/bid/54913

Security Info

Bugtraq ID: 54913
Class: Access Validation Error
CVE:
Remote: Yes
Local: No
Published: Aug 08 2012 12:00AM
Updated: Aug 08 2012 12:00AM
Credit: Brian Swaney
Vulnerable: Drupal Shibboleth authentication 6.x-3.2
            Drupal Shibboleth authentication 6.x-3.1
            Drupal Shibboleth authentication 5.x-3.4
            Drupal Shibboleth authentication 5.x-3.3
Not Vulnerable:

Security Discussion

The Shibboleth authentication module for Drupal is prone to an access-bypass vulnerability.

An attacker can exploit this issue to bypass certain security restrictions, gain access to sensitive areas of the application, and perform unauthorized actions; this may aid in launching further attacks.

Shibboleth authentication versions prior to 6.x-4.0-rc3 are vulnerable.

Proof of Concept and Security Exploits

Attackers can use a browser to exploit this issue.

Security Solution(s)

Solution:
Updates are available; please see the references for more information.

Security Reference(s)

References:
