CVE-2012-2351
CVSS v2 base score: 5.0
Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N
Exploitability: 10.0 / Impact: 2.9
Source: NVD
Description
The default configuration of the auth/saml plugin in Mahara before 1.4.2 sets the "Match username attribute to Remote username" option to false, which allows remote SAML IdP servers to spoof users of other SAML IdP servers by using the same internal username.
Affected (75)
Products: Debian: Debian Linux · Mahara: Mahara
Configuration A
| Vulnerable Software | Affected Versions |
|---|---|
| Version 6.0 |
Related CWEs
CWE-16
CWE-284
Improper Access Control
The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
CWE-287
Improper Authentication
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.
References (10)
Source: secalert@redhat.com
Issue Tracking, Patch
Source: secalert@redhat.com
Mailing List, Third Party Advisory
Source: secalert@redhat.com
Mailing List, Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Issue Tracking, Patch
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing List, Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing List, Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Issue Tracking