CVE-2012-4494

2022-10-0316:15:34

redhat

www.cve.org

shibboleth

drupal

user status

access restrictions

7.1 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

46.9%

JSON

The Shibboleth authentication module 7.x-4.0 for Drupal does not properly check the active status of users, which allows remote blocked users to access bypass intended access restrictions and possibly have other impacts by logging in.

References

drupal.org/node/1493244

drupal.org/node/1719392

drupalcode.org/project/shib_auth.git/commitdiff/2032f0a

www.openwall.com/lists/oss-security/2012/10/04/6

www.openwall.com/lists/oss-security/2012/10/07/1