CVE-2013-4552
lib/Auth/Source/External.php in the drupalauth module before 1.2.2 for simpleSAMLphp allows remote attackers to authenticate as an arbitrary user via the user name (uid) in a cookie.
Ver en NVDSeveridad
N/A
EPSS
Probabilidad de explotación (próx. 30 días): 0.0048 (0.5%)
Percentil: 65.0%
EPSS: 2026-05-06
Afecta
drupalauth_project:drupalauthDescripción técnica
lib/Auth/Source/External.php in the drupalauth module before 1.2.2 for simpleSAMLphp allows remote attackers to authenticate as an arbitrary user via the user name (uid) in a cookie.
Publicada: 13/5/2014, 15:55:04
Última modificación: 6/5/2026, 22:30:45
Referencias
- http://www.openwall.com/lists/oss-security/2013/11/05/1
- http://www.openwall.com/lists/oss-security/2013/11/08/6
- https://code.google.com/p/drupalauth/issues/detail?id=9
- http://www.openwall.com/lists/oss-security/2013/11/05/1
- http://www.openwall.com/lists/oss-security/2013/11/08/6
- https://code.google.com/p/drupalauth/issues/detail?id=9