icon

We found results for “

CVE-2012-2351

Good to know:

icon

Date: July 12, 2012

The default configuration of the auth/saml plugin in Mahara before 1.4.2 sets the "Match username attribute to Remote username" option to false, which allows remote SAML IdP servers to spoof users of other SAML IdP servers by using the same internal username.

Language: PHP

Severity Score

Severity Score

Weakness Type (CWE)

Authentication Issues

CWE-287

Configuration

CWE-16

Improper Access Control

CWE-284

Top Fix

icon

Upgrade Version

Upgrade to version 1.4.2_RELEASE

Learn More

CVSS v2

Base Score:
Access Vector (AV): NETWORK
Access Complexity (AC): LOW
Authentication (AU): NONE
Confidentiality (C): NONE
Integrity (I): PARTIAL
Availability (A): NONE
Additional information:

Do you need more information?

Contact Us