Mahara SAML Authentication Security Bypass Vulnerability
BID:53489
Info
| Bugtraq ID: | 53489 |
| Class: | Unknown |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | May 11 2012 12:00AM |
| Updated: | May 11 2012 12:00AM |
| Credit: | Disclosed in Debian security advisory. |
| Vulnerable: | Mahara 1.4.1; Mahara 1.4; Mahara 1.3.6; Mahara 1.3.5; Mahara 1.3.4; Mahara 1.3.3; Mahara 1.3 beta3; Mahara 1.3 beta2; Mahara 1.3 beta1; Mahara 1.3.2; Mahara 1.3.1; Mahara 1.3.0 RC1; Mahara 1.3.0 Beta4; Mahara 1.3.0; Debian Linux 6.0 sparc; Debian Linux 6.0 s/390; Debian Linux 6.0 powerpc; Debian Linux 6.0 mips; Debian Linux 6.0 ia-64; Debian Linux 6.0 ia-32; Debian Linux 6.0 arm; Debian Linux 6.0 amd64 |
| Not Vulnerable: | |
Discussion
Mahara is prone to a security-bypass vulnerability.
An attacker with control over one SAML identity provider can exploit this issue to impersonate users of other SAML identity providers. This may lead to further attacks.
Exploit / POC
An attacker can use readily available tools to exploit this issue.
Solution / Fix
Solution:
Updates are available. Please see the references for details.