
====================================================================

                             CERT-Renater

                 Note d'Information No. 2021/VULN251
_____________________________________________________________________

DATE                : 30/04/2021

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running samlauth for Drupal versions prior
                     to 8.x-3.1, 7.x-1.1.

=====================================================================
https://www.drupal.org/sa-contrib-2021-006
_____________________________________________________________________

SAML Authentication - Moderately critical - Access bypass -
SA-CONTRIB-2021-006

Project:         SAML Authentication
Date:            2021-April-28
Security risk:   Moderately critical 14/25
                 AC:Basic/A:User/CI:Some/II:Some/E:Theoretical/TD:All
Vulnerability:   Access bypass


Description:

The SAML Authentication module allows users to authenticate against a
SAML identity provider to log in to your Drupal site.

The module doesn't sufficiently protect against unauthorized local
access, by way of the 'password reset' facility, for users who are
supposed to be able to log in only through the identity provider. This
creates a scenario where, after such a user is blocked from logging in
through the identity provider but not explicitly blocked in Drupal, they
are still able to log in by sending themselves a Drupal 'password reset'
e-mail and setting a local password.
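The following is an added illustration of the defensive check described
above, written for this note; it is not the samlauth project's own fix
and does not reproduce it. It is a small Drupal 8/9 module (hypothetical
name "saml_reset_guard") that hooks the core 'user_pass' form and refuses
a reset request for accounts marked as IdP-only. The boolean user field
'field_saml_only' used as that marker is an assumption for the example;
a real deployment would derive "IdP-only" from whatever record it already
keeps of how the account was provisioned.

```php
<?php

/**
 * @file
 * Hypothetical module "saml_reset_guard" (illustration added to this
 * note, not samlauth code). Blocks Drupal's password-reset form for
 * accounts that are only supposed to authenticate through the SAML IdP.
 *
 * Assumption: such accounts carry a boolean user field 'field_saml_only'.
 */

use Drupal\Core\Form\FormStateInterface;
use Drupal\user\UserInterface;

/**
 * Implements hook_form_FORM_ID_alter() for the core 'user_pass' form.
 *
 * Our validator is placed first so it runs before core's own handler,
 * which would otherwise queue the reset e-mail.
 */
function saml_reset_guard_form_user_pass_alter(array &$form, FormStateInterface $form_state) {
  $form['#validate'] = array_merge(
    ['saml_reset_guard_user_pass_validate'],
    $form['#validate'] ?? []
  );
}

/**
 * Validation callback: deny the reset request for IdP-only accounts.
 */
function saml_reset_guard_user_pass_validate(array &$form, FormStateInterface $form_state) {
  $name = trim((string) $form_state->getValue('name'));
  if ($name === '') {
    // Core validation reports the empty field; nothing for us to decide.
    return;
  }

  // The core form accepts either a username or an e-mail address.
  $account = user_load_by_name($name) ?: user_load_by_mail($name);

  if ($account instanceof UserInterface && saml_reset_guard_is_saml_only($account)) {
    // Use a generic message so the response does not reveal whether the
    // account exists or how it is expected to authenticate.
    $form_state->setErrorByName('name', t('Unrecognized username or email address.'));

    // Record the attempt: a reset request for an IdP-only account is a
    // useful detection signal for the operations team.
    \Drupal::logger('saml_reset_guard')->notice(
      'Password reset denied for IdP-only account (uid @uid).',
      ['@uid' => $account->id()]
    );
  }
}

/**
 * Returns TRUE when the account is flagged as IdP-only.
 *
 * The field name is an assumption made for this example.
 */
function saml_reset_guard_is_saml_only(UserInterface $account): bool {
  return $account->hasField('field_saml_only')
    && (bool) $account->get('field_saml_only')->value;
}
```

The check belongs in validation rather than in a submit handler because
core's submit handler is what dispatches the reset mail; failing
validation first means no one-time login link is ever generated. Keeping
the error text generic avoids turning the form into an account-existence
oracle, and the log line gives defenders a way to spot accounts that have
been disabled at the identity provider but not yet blocked in Drupal.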


Solution:

Install the latest version:

    for all versions of Drupal 8/9, upgrade to samlauth 8.x-3.1.
    for Drupal 7, upgrade to samlauth 7.x-1.1.


Reported By:

    Bobby Gryzynger
    Mark Shropshire


Fixed By:

    Bobby Gryzynger
    Roderik Muit
    Jakob Perry
    Sascha Grossenbacher
    Cameron Eagans
    Drew Webber of the Drupal Security Team


Coordinated By:

    Greg Knaddison of the Drupal Security Team


=========================================================
+ CERT-RENATER       |    tel : 01-53-94-20-44          +
+ 23/25 Rue Daviel   |    fax : 01-53-94-20-41          +
+ 75013 Paris        |    email:cert@support.renater.fr +
=========================================================


