Authentication mechanism absence or evasion in drupal/miniorange_saml
Description
This module provides a solution to authenticate visitors using existing SAML providers.
Certain non-default configurations allow a malicious user to log in as any chosen user.
The vulnerability is mitigated by the module's default settings, which require the options "Either sign SAML assertions" and "x509 certificate".
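The risk described above comes down to a service provider accepting an assertion that carries no signature bound to it. As an added illustration (not code from the module or from this advisory), the following structural pre-check rejects a decoded SAML response unless the response or its single assertion has its own `ds:Signature` referencing its own `ID`. The function names and sample XML are constructed, and cryptographic verification against the IdP's x509 certificate is assumed to happen afterwards in a real XML-DSig library.

```python
import xml.etree.ElementTree as ET

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}

def signed_by_own_signature(elem):
    """True if elem has a direct ds:Signature child whose Reference targets elem's own ID."""
    elem_id = elem.get("ID")
    if not elem_id:
        return False
    for sig in elem.findall("ds:Signature", NS):
        for ref in sig.findall("ds:SignedInfo/ds:Reference", NS):
            if ref.get("URI") == "#" + elem_id:
                return True
    return False

def audit_response(xml_text):
    """Structural gate only: anything not rejected here still needs signature verification."""
    root = ET.fromstring(xml_text)  # use on captured/test samples, not as a hardened parser
    if root.tag != "{%s}Response" % NS["samlp"]:
        return "reject: not a SAML Response"
    assertions = root.findall("saml:Assertion", NS)
    if len(assertions) != 1:
        return "reject: expected exactly one assertion"
    if signed_by_own_signature(root) or signed_by_own_signature(assertions[0]):
        return "needs-crypto-verify"
    return "reject: unsigned assertion"

def sample_response(sig_ref=None):
    """Constructed sample; sig_ref is the Reference URI of an optional dummy signature."""
    sig = ""
    if sig_ref:
        sig = ('<ds:Signature><ds:SignedInfo><ds:Reference URI="%s"/></ds:SignedInfo>'
               '<ds:SignatureValue>CONSTRUCTED</ds:SignatureValue></ds:Signature>' % sig_ref)
    return ('<samlp:Response xmlns:samlp="%s" xmlns:saml="%s" xmlns:ds="%s" ID="r1">'
            '<saml:Assertion ID="a1">%s<saml:Subject><saml:NameID>user@example.test'
            '</saml:NameID></saml:Subject></saml:Assertion></samlp:Response>'
            % (NS["samlp"], NS["saml"], NS["ds"], sig))

if __name__ == "__main__":
    for ref in (None, "#other", "#a1"):
        print(ref, "->", audit_response(sample_response(ref)))
```

A signature whose reference points at some other element is treated the same as no signature, since it does not cover the assertion that names the user.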
Mitigation
Update Impact
Minimal update. May introduce new vulnerabilities or breaking changes.
| Ecosystem | Package | Affected version | Patched versions |
|---|---|---|---|
packagist | 2.24.0 |