[Security-news] SAML Service Provider - Critical - Access bypass - SA-CONTRIB-2020-006

security-news at drupal.org security-news at drupal.org
Wed Mar 11 16:31:34 UTC 2020


View online: https://www.drupal.org/sa-contrib-2020-006

Project: SAML Service Provider [1]
Date: 2020-March-11
Security risk: *Critical* 15∕25
AC:Basic/A:None/CI:Some/II:Some/E:Theoretical/TD:Default [2]
Vulnerability: Access bypass

Description: 
This module enables you to authenticate Drupal users using an external SAML
Identity Provider.

If the site is configured to allow visitors to register for user accounts but
administrator approval is required, the module doesn't sufficiently enforce
the administrative approval requirement, in the case where the requesting
user has already authenticated through SAML.

This vulnerability is mitigated by the fact that user accounts created in
this way have only default roles, which may not have access significantly
beyond that of an anonymous user. To mitigate the vulnerability without
upgrading sites could disable public registration.

Solution: 
Install the latest version:

   * If you use the SAML Service Provider module for Drupal 8.x, upgrade to
     SAML Service Provider 8.x-3.7 [3]

Also see the SAML Service Provider [4] project page.

Reported By: 
   * J Proctor  [5]

Fixed By: 
   * J Proctor [6]
   * James Glasgow  [7]

Coordinated By: 
   * Greg Knaddison [8] of the Drupal Security Team


[1] https://www.drupal.org/project/saml_sp
[2] https://www.drupal.org/security-team/risk-levels
[3] https://www.drupal.org/project/saml_sp/releases/8.x-3.7
[4] https://www.drupal.org/project/saml_sp
[5] https://www.drupal.org/user/1194192
[6] https://www.drupal.org/user/1194192
[7] https://www.drupal.org/user/36590
[8] https://www.drupal.org/user/36762



More information about the Security-news mailing list