The Shibboleth authentication module 5.x prior to 5.x-3.4 and 6.x prior to 6.x-3.2, a module for Drupal, does not properly remove statically granted privileges after a logout or other session change, which allows physically proximate malicious users to gain privileges by using an unattended web browser.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
niif shib_auth 5.x-3.3 |
||
niif shib_auth 5.x-2.1 |
||
niif shib_auth 5.x-1.x |
||
niif shib_auth 6.x-2.0 |
||
niif shib_auth 6.x-1.x |
||
niif shib_auth 5.x-3.x |
||
niif shib_auth 6.x-3.0 |
||
niif shib_auth 6.x-3.x |
||
niif shib_auth 6.x-3.1 |
||
niif shib_auth 5.x-2.x |
||
niif shib_auth 6.x-2.x |
||
niif shib_auth 5.x-2.5 |
||
niif shib_auth 5.x-2.4 |
||
niif shib_auth 5.x-2.2 |
||
niif shib_auth 6.x-2.2 |
||
niif shib_auth 6.x-2.1 |