Lucene search

K
cvelistRedhatCVELIST:CVE-2010-3091
HistorySep 29, 2010 - 4:00 p.m.

CVE-2010-3091

2010-09-2916:00:00
redhat
www.cve.org
6
openid
drupal
security
vulnerability
protocol
authentication

AI Score

6.6

Confidence

High

EPSS

0.006

Percentile

78.4%

The OpenID module in Drupal 6.x before 6.18, and the OpenID module 5.x before 5.x-1.4 for Drupal, violates the OpenID 2.0 protocol by not verifying the openid.return_to value, which allows remote attackers to bypass authentication by leveraging an assertion from an OpenID provider.

AI Score

6.6

Confidence

High

EPSS

0.006

Percentile

78.4%