mahara: insecure default/privilege escalation
Package(s): | mahara | CVE #(s): |
Created: | May 9, 2012 | Updated: | May 9, 2012
Description: | From the Debian advisory: It was discovered that Mahara, the portfolio, weblog, and resume builder, had an insecure default with regards to SAML-based authentication used with more than one SAML identity provider. Someone with control over one IdP could impersonate users from other IdPs.
Alerts: |