SAML Service Provider - Critical - Access bypass - SA-CONTRIB-2020-006

Project: SAML Service Provider
Date: 2020-March-11
Security risk: Critical 15/25
Vulnerability: Access bypass

Description

This module enables you to authenticate Drupal users using an external SAML Identity Provider.

If the site is configured to allow visitors to register for user accounts but administrator approval is required, the module doesn't sufficiently enforce the administrative approval requirement, in the case where the requesting user has already authenticated through SAML.

This vulnerability is mitigated by the fact that user accounts created in this way have only default roles, which may not have access significantly beyond that of an anonymous user. To mitigate the vulnerability without upgrading, sites could disable public registration.
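The missing check described above, shown as an added example of how an account-provisioning path should honour the site's registration policy. This is illustrative code, not the module's own fix; the function name and the exception handling are assumptions, while the `user.settings:register` config key, the `UserInterface` constants and `_user_mail_notify()` are standard Drupal 8 APIs.

```php
<?php
// Added example (not code from the SAML Service Provider module or this advisory).
// A SAML assertion proves *who* the visitor is; it does not decide whether the site
// allows that person to self-register. The site's "Who can register accounts?"
// setting must be applied to every account created from an assertion.

use Drupal\Core\Config\ConfigFactoryInterface;
use Drupal\user\UserInterface;

/**
 * Apply the site's registration policy to a user entity provisioned from SAML.
 *
 * Returns TRUE if the account may log in immediately, FALSE if it was saved in
 * a blocked state pending administrator approval. Throws if self-registration
 * is disabled entirely. Function name is hypothetical.
 */
function samlexample_apply_registration_policy(UserInterface $account, ConfigFactoryInterface $config_factory): bool {
  // Same value as the "Who can register accounts?" radio on /admin/config/people/accounts.
  $policy = $config_factory->get('user.settings')->get('register');

  switch ($policy) {
    case UserInterface::REGISTER_VISITORS:
      // Open registration: the account is usable right away.
      $account->activate();
      $account->save();
      return TRUE;

    case UserInterface::REGISTER_VISITORS_ADMINISTRATIVE_APPROVAL:
      // This is the case the advisory covers: keep the account blocked until an
      // administrator approves it, exactly as a form-based registration would.
      $account->block();
      $account->save();
      // Core's user module sends the "pending approval" mails to the user and
      // to the site administrators.
      _user_mail_notify('register_pending_approval', $account);
      return FALSE;

    case UserInterface::REGISTER_ADMINISTRATORS_ONLY:
    default:
      // Do not create an account at all; an administrator has to do it.
      throw new \RuntimeException('Self-registration is disabled on this site.');
  }
}
```

Calling this immediately after building the new user entity from the assertion (and before logging the visitor in) reproduces the behaviour of the normal registration form for SAML-provisioned accounts.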

Solution

Install the latest version:

If you use the SAML Service Provider module for Drupal 8.x, upgrade to SAML Service Provider 8.x-3.7
Also see the SAML Service Provider project page.

Nick Onom
Marketing Project Manager
Enthusiastic about all kinds of Open Source applications, AI and bitcoin, but mostly about Drupal. For the last few years he has been actively developing AltaGrade's new back-end system.
