CVE-2012-2351 in Maharainfo

Summary

The default configuration of the auth/saml plugin in Mahara before 1.4.2 sets the "Match username attribute to Remote username" option to false, which allows remote SAML IdP servers to spoof users of other SAML IdP servers by using the same internal username.

Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

Reservation

04/19/2012

Disclosure

07/12/2012

Moderation

VulDB entry created

Entries

VDB-61263 (1)

CPE

ready

CWE

CWE-16 (Confirmed)

CVSS

5.3

EPSS

0.00331

Activities

Very Low

Sources

MITRE	https://www.cve.org/CVERecord?id=CVE-2012-2351
NVD	https://nvd.nist.gov/vuln/detail/CVE-2012-2351
CVE Details	https://www.cvedetails.com/cve/CVE-2012-2351/

◂ Previous Overview Next ▸

Might our Artificial Intelligence support you?

Check our Alexa App!