Unrated severityNVD Advisory· Published Oct 31, 2012· Updated Apr 29, 2026

CVE-2012-4494

Description

The Shibboleth authentication module 7.x-4.0 for Drupal does not properly check the active status of users, which allows remote blocked users to access bypass intended access restrictions and possibly have other impacts by logging in.

Affected products

Niif/Shibb Auth
cpe:2.3:a:niif:shibb_auth:7.x-4.0:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

drupal.org/node/1719392nvdVendor Advisory
drupal.org/node/1493244nvd
drupalcode.org/project/shib_auth.git/commitdiff/2032f0anvd
www.openwall.com/lists/oss-security/2012/10/04/6nvd
www.openwall.com/lists/oss-security/2012/10/07/1nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000