Zum Inhalt springen.
Sympa Menü

it-securitynotifies - [IT-SecNots] [Security-news] SAML Authentication - Moderately critical - Access bypass - SA-CONTRIB-2021-006

it-securitynotifies AT lists.piratenpartei.de

Betreff: Sicherheitsankündigungen

Listenarchiv

[IT-SecNots] [Security-news] SAML Authentication - Moderately critical - Access bypass - SA-CONTRIB-2021-006


Chronologisch Thread 
    < Chronologisch >      < Thread >
  • From: security-news AT drupal.org
  • To: security-news AT drupal.org
  • Subject: [IT-SecNots] [Security-news] SAML Authentication - Moderately critical - Access bypass - SA-CONTRIB-2021-006
  • Date: Wed, 28 Apr 2021 16:58:17 +0000 (UTC)
  • Authentication-results: mail02.piratenpartei.de; dkim=none; dmarc=pass (policy=none) header.from=drupal.org; spf=pass (mail02.piratenpartei.de: domain of security-news-bounces AT drupal.org designates 140.211.166.138 as permitted sender) smtp.mailfrom=security-news-bounces AT drupal.org
  • List-archive: <http://lists.drupal.org/pipermail/security-news/>
  • List-id: <security-news.drupal.org>
View online: https://www.drupal.org/sa-contrib-2021-006

Project: SAML Authentication [1]
Date: 2021-April-28
Security risk: *Moderately critical* 14∕25
AC:Basic/A:User/CI:Some/II:Some/E:Theoretical/TD:All [2]
Vulnerability: Access bypass

Description: 
The SAML Authentication module [3] allows users to authenticate against a
SAML identity provider to login to your Drupal site.

The module doesn't sufficiently protect against unauthorized local access, by
way of using the 'password reset' facility, for users who are supposed to
only be able to log in through the identity provider. This creates a scenario
where after such a user is blocked from logging in through the identity
provider but not explicitly blocked in Drupal, they are still able to log in
by sending themselves a Drupal 'password reset' e-mail.

Solution: 
Install the latest version:

* for all versions of Drupal 8/9, upgrade to samlauth 8.x-3.1 [4].
* for Drupal 7, upgrade to samlauth 7.x-1.1 [5].

Reported By: 
* Bobby Gryzynger [6]
* Mark Shropshire [7]

Fixed By: 
* Bobby Gryzynger [8]
* Roderik Muit [9]
* Jakob Perry [10]
* Sascha Grossenbacher [11]
* Cameron Eagans [12]
* Drew Webber [13] of the Drupal Security Team

Coordinated By: 
* Greg Knaddison [14] of the Drupal Security Team


[1] https://www.drupal.org/project/samlauth
[2] https://www.drupal.org/security-team/risk-levels
[3] https://www.drupal.org/project/samlauth
[4] https://www.drupal.org/project/samlauth/releases/8.x-3.1
[5] https://www.drupal.org/project/samlauth/releases/7.x-1.1
[6] https://www.drupal.org/user/3311649
[7] https://www.drupal.org/user/14767
[8] https://www.drupal.org/user/3311649
[9] https://www.drupal.org/user/8841
[10] https://www.drupal.org/user/45640
[11] https://www.drupal.org/user/214652
[12] https://www.drupal.org/user/404732
[13] https://www.drupal.org/user/255969
[14] https://www.drupal.org/user/36762

_______________________________________________
Security-news mailing list
Security-news AT drupal.org
Unsubscribe at https://lists.drupal.org/mailman/listinfo/security-news

  • [IT-SecNots] [Security-news] SAML Authentication - Moderately critical - Access bypass - SA-CONTRIB-2021-006, security-news, 28.04.2021

Archiv bereitgestellt durch MHonArc 2.6.24.

Seitenanfang