CVE-2012-4494 - Vulnerability Details - OpenCVE

The Shibboleth authentication module 7.x-4.0 for Drupal does not properly check the active status of users, which allows remote blocked users to access bypass intended access restrictions and possibly have other impacts by logging in.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

This CVE is not in the KEV list.

The EPSS score is 0.00357.

Key SSVC decision points have not yet been added.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

n/a

n/a

affected

Version	Status	Constraints
`n/a`	affected	—

Configuration 1 [-]

AND

cpe:2.3:a:niif:shibb_auth:7.x-4.0:*:*:*:*:*:*:*

cpe:2.3:a:drupal:drupal:-:*:*:*:*:*:*:*

No data.

No data.

Project Subscriptions

Vendors	Products
Drupal Subscribe	Drupal Subscribe
Niif Subscribe	Shibb Auth Subscribe

Advisories

Source	ID	Title
EUVD	EUVD-2012-4423	The Shibboleth authentication module 7.x-4.0 for Drupal does not properly check the active status of users, which allows remote blocked users to access bypass intended access restrictions and possibly have other impacts by logging in.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
http://drupal.org/node/1493244
http://drupal.org/node/1719392
http://drupalcode.org/project/shib_auth.git/commitdiff/2032f0a
http://www.openwall.com/lists/oss-security/2012/10/04/6
http://www.openwall.com/lists/oss-security/2012/10/07/1

History

No history.

Projects

Sign in to view the affected projects.

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2012-10-31T16:00:00.000Z

Updated: 2024-09-17T01:41:46.312Z

Reserved: 2012-08-21T00:00:00.000Z

Link: CVE-2012-4494

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2012-10-31T16:55:03.450

Modified: 2025-04-11T00:51:21.963

Link: CVE-2012-4494

Redhat

No data.

OpenCVE Enrichment

No data.

Weaknesses

CWE-264

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "The Shibboleth authentication module 7.x-4.0 for Drupal does not properly check the active status of users, which allows remote blocked users to access bypass intended access restrictions and possibly have other impacts by logging in."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2012-10-31T16:00:00.000Z", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "[oss-security] 20121004 CVE Request for Drupal Contributed Modules", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2012/10/04/6"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://drupal.org/node/1493244"}, {"tags": ["x_refsource_MISC"], "url": "http://drupal.org/node/1719392"}, {"name": "[oss-security] 20121007 Re: CVE Request for Drupal Contributed Modules", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2012/10/07/1"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://drupalcode.org/project/shib_auth.git/commitdiff/2032f0a"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert@redhat.com", "ID": "CVE-2012-4494", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The Shibboleth authentication module 7.x-4.0 for Drupal does not properly check the active status of users, which allows remote blocked users to access bypass intended access restrictions and possibly have other impacts by logging in."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "[oss-security] 20121004 CVE Request for Drupal Contributed Modules", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2012/10/04/6"}, {"name": "http://drupal.org/node/1493244", "refsource": "CONFIRM", "url": "http://drupal.org/node/1493244"}, {"name": "http://drupal.org/node/1719392", "refsource": "MISC", "url": "http://drupal.org/node/1719392"}, {"name": "[oss-security] 20121007 Re: CVE Request for Drupal Contributed Modules", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2012/10/07/1"}, {"name": "http://drupalcode.org/project/shib_auth.git/commitdiff/2032f0a", "refsource": "CONFIRM", "url": "http://drupalcode.org/project/shib_auth.git/commitdiff/2032f0a"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T20:35:09.921Z"}, "title": "CVE Program Container", "references": [{"name": "[oss-security] 20121004 CVE Request for Drupal Contributed Modules", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2012/10/04/6"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://drupal.org/node/1493244"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://drupal.org/node/1719392"}, {"name": "[oss-security] 20121007 Re: CVE Request for Drupal Contributed Modules", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2012/10/07/1"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://drupalcode.org/project/shib_auth.git/commitdiff/2032f0a"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2012-4494", "datePublished": "2012-10-31T16:00:00.000Z", "dateReserved": "2012-08-21T00:00:00.000Z", "dateUpdated": "2024-09-17T01:41:46.312Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:niif:shibb_auth:7.x-4.0:*:*:*:*:*:*:*", "matchCriteriaId": "547BE878-06F9-49E7-B848-395A6E4D4E6D", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:a:drupal:drupal:-:*:*:*:*:*:*:*", "matchCriteriaId": "F8B1170D-AD33-4C7A-892D-63AC71B032CF", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The Shibboleth authentication module 7.x-4.0 for Drupal does not properly check the active status of users, which allows remote blocked users to access bypass intended access restrictions and possibly have other impacts by logging in."}, {"lang": "es", "value": "El m\u00f3dulo de autenticaci\u00f3n Shibboleth v7.x-4.0 para Drupal no comprueba correctamente la condici\u00f3n activa de los usuarios, lo que permite a usuarios remotos bloqueados eludir las restricciones de acceso y posiblemente tener otro impacto por el acceso."}], "id": "CVE-2012-4494", "lastModified": "2025-04-11T00:51:21.963", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2012-10-31T16:55:03.450", "references": [{"source": "secalert@redhat.com", "url": "http://drupal.org/node/1493244"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://drupal.org/node/1719392"}, {"source": "secalert@redhat.com", "url": "http://drupalcode.org/project/shib_auth.git/commitdiff/2032f0a"}, {"source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2012/10/04/6"}, {"source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2012/10/07/1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://drupal.org/node/1493244"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://drupal.org/node/1719392"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://drupalcode.org/project/shib_auth.git/commitdiff/2032f0a"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2012/10/04/6"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2012/10/07/1"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-264"}], "source": "nvd@nist.gov", "type": "Primary"}]}