QwikSec

Security Database

CVE

CWE

Training

CVE-2012-2351

Published: Jul 12, 2012

Modified: Sep 16, 2024

PUBLISHED

Description

The default configuration of the auth/saml plugin in Mahara before 1.4.2 sets the "Match username attribute to Remote username" option to false, which allows remote SAML IdP servers to spoof users of other SAML IdP servers by using the same internal username.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://bugs.launchpad.net/mahara/+bug/932909

x_refsource_CONFIRM

http://gitorious.org/mahara/mahara/commit/f07be6020e70fa8f53cd77fdcd63e7fd7ff8aaea

x_refsource_CONFIRM

vendor-advisory

x_refsource_DEBIAN

[oss-security] 20120511 CVE request: mahara

mailing-list

x_refsource_MLIST

[oss-security] 20120512 Re: CVE request: mahara

mailing-list

x_refsource_MLIST

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.