CVE-2022-26493

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2022-26493
Xecurify's miniOrange Premium, Standard, and Enterprise Drupal SAML SP modules possess an authentication and authorization bypass vulnerability. An attacker with access to a HTTP-request intercepting method is able to bypass authentication and authorization by removing the SAML Assertion Signature - impersonating existing users and existing roles, including administrative users/roles. This vulnerability is not mitigated by configuring the module to enforce signatures or certificate checks. Xecurify recommends updating miniOrange modules to their most recent versions. This vulnerability is present in paid versions of the miniOrange Drupal SAML SP product affecting Drupal 7, 8, and 9.

8.8 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

6.5 /10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:S/C:P/I:P/A:P

Exploitability : 8.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References
Link Resource
https://rafarmerjr1.github.io/2022/06/13/SAML-miniOrange.html
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:drupal:saml_sp_2.0_single_sign_on:*:*:*:*:*:*:*:*
cpe:2.3:a:drupal:saml_sp_2.0_single_sign_on:*:*:*:*:*:*:*:*
History

03 Jul 2022, 19:15

Type Values Removed Values Added
Summary Multiple vulnerabilities vulnerability in Drupal SAML SP 2.0 Single Sign On (SSO) - SAML Service Provider in certain non-default configurations allow a malicious user to login as any chosen user. The vulnerability is mitigated by the module's default settings which require the options "Either sign SAML assertions" and "x509 certificate". This issue affects: Drupal SAML SP 2.0 Single Sign On (SSO) - SAML Service Provider 8.x version 8.x-2.24 and prior versions; 7.x version 7.x-2.57 and prior versions. Xecurify's miniOrange Premium, Standard, and Enterprise Drupal SAML SP modules possess an authentication and authorization bypass vulnerability. An attacker with access to a HTTP-request intercepting method is able to bypass authentication and authorization by removing the SAML Assertion Signature - impersonating existing users and existing roles, including administrative users/roles. This vulnerability is not mitigated by configuring the module to enforce signatures or certificate checks. Xecurify recommends updating miniOrange modules to their most recent versions. This vulnerability is present in paid versions of the miniOrange Drupal SAML SP product affecting Drupal 7, 8, and 9.
References
  • {'url': 'https://www.drupal.org/sa-contrib-2021-036', 'name': 'https://www.drupal.org/sa-contrib-2021-036', 'tags': ['Vendor Advisory'], 'refsource': 'CONFIRM'}
  • (MISC) https://rafarmerjr1.github.io/2022/06/13/SAML-miniOrange.html -

13 Jun 2022, 17:29

Type Values Removed Values Added
References (CONFIRM) https://www.drupal.org/sa-contrib-2021-036 - (CONFIRM) https://www.drupal.org/sa-contrib-2021-036 - Vendor Advisory
CWE CWE-295
First Time Drupal saml Sp 2.0 Single Sign On
Drupal
CPE cpe:2.3:a:drupal:saml_sp_2.0_single_sign_on:*:*:*:*:*:*:*:*
CVSS v2 : unknown
v3 : unknown 		v2 : 6.5
v3 : 8.8

03 Jun 2022, 18:15

Type Values Removed Values Added
New CVE
Information

Published : 2022-06-03 18:15

Updated : 2023-12-10 14:22

NVD link : CVE-2022-26493

Mitre link : CVE-2022-26493

CVE.ORG link : CVE-2022-26493

JSON object : View

Products Affected

drupal

  • saml_sp_2.0_single_sign_on
CWE
CWE-295

Improper Certificate Validation