CVE-2012-4494 Information

Description

The Shibboleth authentication module 7.x-4.0 for Drupal does not properly check the active status of users which allows remote blocked users to access bypass intended access restrictions and possibly have other impacts by logging in.

Reference

http://drupal.org/node/1493244 http://drupal.org/node/1719392 http://drupalcode.org/project/shib_auth.git/commitdiff/2032f0a http://www.openwall.com/lists/oss-security/2012/10/04/6 http://www.openwall.com/lists/oss-security/2012/10/07/1