Vulnerability from drupal
Published
2021-04-28 16:47
Modified
2023-08-11 17:16
Summary
Details
The SAML Authentication module allows users to authenticate against a SAML identity provider in order to log in to your Drupal site.
The module does not sufficiently protect accounts that are supposed to log in only through the identity provider against local access via Drupal's 'password reset' facility. As a result, a user who has been blocked at the identity provider but not explicitly blocked in Drupal can still log in by sending themselves a Drupal 'password reset' e-mail and following the one-time login link it contains. Versions of samlauth before 3.1.0 are affected; the issue is fixed in 3.1.0.
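The following is an added illustration, not code from the samlauth module or from the advisory, of the kind of check the module lacked: a small custom Drupal module that refuses the 'password reset' form for accounts linked to the SAML identity provider, so that disabling a user at the IdP cannot be undone locally with a reset e-mail. It assumes a module machine name of `sso_hardening`, that the SAML link is recorded through the externalauth module's `externalauth.authmap` service under the provider name `samlauth`, and that locally administered (non-SAML) accounts should keep the normal reset flow.

```php
<?php
// Added example (not samlauth's own code). Assumptions: module machine name
// "sso_hardening"; SAML-linked accounts are looked up through the externalauth
// module's authmap service with provider name "samlauth".

use Drupal\Core\Form\FormStateInterface;

/**
 * Implements hook_form_FORM_ID_alter() for the core user_pass form.
 *
 * Our validator is placed first so it runs before core's own validation,
 * which is what would otherwise queue the reset e-mail on submit.
 */
function sso_hardening_form_user_pass_alter(array &$form, FormStateInterface $form_state) {
  $form['#validate'] = $form['#validate'] ?? [];
  array_unshift($form['#validate'], 'sso_hardening_user_pass_validate');
}

/**
 * Validation handler: deny a reset request for SAML-linked accounts.
 *
 * Core accepts either a username or an e-mail address in the "name" field,
 * so both lookups are tried. Unknown names are left to core so that this
 * handler does not change the response for non-existent accounts.
 */
function sso_hardening_user_pass_validate(array &$form, FormStateInterface $form_state) {
  $name = trim((string) $form_state->getValue('name'));
  if ($name === '') {
    return;
  }

  $storage = \Drupal::entityTypeManager()->getStorage('user');
  $users = $storage->loadByProperties(['name' => $name]);
  if (!$users) {
    $users = $storage->loadByProperties(['mail' => $name]);
  }
  $account = $users ? reset($users) : NULL;
  if (!$account) {
    return;
  }

  if (sso_hardening_is_saml_linked((int) $account->id())) {
    // Caveat: a distinct message tells the requester the account exists and
    // is SSO-only. If account enumeration matters on your site, reuse the
    // exact wording core gives for unrecognised names in your Drupal version.
    $form_state->setErrorByName('name', t('Password resets for this account are handled by your identity provider.'));
    \Drupal::logger('sso_hardening')->warning('Password reset refused for SAML-linked account uid @uid.', [
      '@uid' => $account->id(),
    ]);
  }
}

/**
 * Returns TRUE when the account is linked to the SAML identity provider.
 *
 * Assumption: samlauth registers its links in externalauth's authmap under the
 * provider name "samlauth"; authmap->get() returns the authname or FALSE.
 */
function sso_hardening_is_saml_linked(int $uid): bool {
  return (bool) \Drupal::service('externalauth.authmap')->get($uid, 'samlauth');
}
```

Blocking the reset form closes the path the advisory describes, but it is a mitigation, not a substitute for the fixed release: an account that has been disabled at the IdP should still be blocked in Drupal itself, since any other route that yields a local session (an existing password, a session that outlives the IdP change) is unaffected by this check.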
Credits
Bobby Gryzynger
www.drupal.org/user/3311649
Mark Shropshire
www.drupal.org/user/14767
{
"affected": [
{
"database_specific": {
"affected_versions": "\u003c3.1.0"
},
"package": {
"ecosystem": "Packagist:https://packages.drupal.org/8",
"name": "drupal/samlauth"
},
"ranges": [
{
"database_specific": {
"constraint": "\u003c3.1.0"
},
"events": [
{
"introduced": "0"
},
{
"fixed": "3.1.0"
}
],
"type": "ECOSYSTEM"
}
],
"severity": []
}
],
"aliases": [],
"credits": [
{
"contact": [
"https://www.drupal.org/user/3311649"
],
"name": "Bobby Gryzynger"
},
{
"contact": [
"https://www.drupal.org/user/14767"
],
"name": "Mark Shropshire"
}
],
"details": "The [SAML Authentication module](https://www.drupal.org/project/samlauth) allows users to authenticate against a SAML identity provider to login to your Drupal site.\n\nThe module doesn\u0027t sufficiently protect against unauthorized local access, by way of using the \u0027password reset\u0027 facility, for users who are supposed to only be able to log in through the identity provider. This creates a scenario where after such a user is blocked from logging in through the identity provider but not explicitly blocked in Drupal, they are still able to log in by sending themselves a Drupal \u0027password reset\u0027 e-mail.",
"id": "DRUPAL-CONTRIB-2021-006",
"modified": "2023-08-11T17:16:38.000Z",
"published": "2021-04-28T16:47:09.000Z",
"references": [
{
"type": "WEB",
"url": "https://www.drupal.org/sa-contrib-2021-006"
}
],
"schema_version": "1.7.0"
}
Sightings
| Author | Source | Type | Date |
|---|---|---|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.