Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

Apache Mod_Auth_OpenID - Session Stealing

🗓️ 24 May 2012 00:00:00Reported by Peter EllehaugeType 
exploitdb
 exploitdb🔗 www.exploit-db.com👁 31 Views

Apache Mod_Auth_OpenID - Session Stealing Advisory May 201

Related
Code
ReporterTitlePublishedViews
Family
0day.today		Mod_Auth_OpenID Session Stealing Vulnerability
24 May 201200:00
zdt
Circl		CVE-2012-2760
24 May 201200:00
circl
CVE		CVE-2012-2760
25 Jul 201219:00
cve
Cvelist		CVE-2012-2760
25 Jul 201219:00
cvelist
Debian CVE		CVE-2012-2760
25 Jul 201219:00
debiancve
EUVD		EUVD-2012-2740
7 Oct 202500:30
euvd
exploitpack		Apache Mod_Auth_OpenID - Session Stealing
24 May 201200:00
exploitpack
NVD		CVE-2012-2760
25 Jul 201219:55
nvd
OSV		CVE-2012-2760
25 Jul 201219:55
osv
OSV		DEBIAN-CVE-2012-2760
25 Jul 201219:55
osv
Rows per page
https://github.com/paranoid/mod_auth_openid/blob/master/CVE-2012-2760.markdown


# Security Advisory 1201
    Summary           : Session stealing
    Date              : May 2012
    Affected versions : all versions prior to mod_auth_openid-0.7
    ID                : mod_auth_openid-1201
    CVE reference     : CVE-2012-2760

# Details
Session ids are stored insecurely in /tmp/mod_auth_openid.db (default
filename). The db is world readable and the session ids are stored
unencrypted.

# Impact
If a user has access to the filesystem on the mod_auth_openid server,
they can steal all of the current openid authenticated sessions

# Workarounds
A quick improvement of the situation is to chmod 0400 the DB file.
Default location is /tmp/mod_auth_openid.db unless another location
has been configured in AuthOpenIDDBLocation.

# Solution
Upgrade to mod_auth_openid-0.7 or later:
http://findingscience.com/mod_auth_openid/releases

# Credits
This vulnerability was reported by Peter Ellehauge, ptr at groupon dot
com. Fixed by Brian Muller bmuller at gmail dot com

# References
mod_auth_openid project: http://findingscience.com/mod_auth_openid/

# History
15 May 2012
Discovered the vulnerability. Created private patch.

16 May 2012
Notified maintainer.
Obtained CVE-id

22 May 2012
Fixed by Brian Muller (bmuller at gmail dot com) in
mod_auth_openid-0.7 -
https://github.com/bmuller/mod_auth_openid/blob/master/ChangeLog

-- 
ptr

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
24 May 2012 00:00Current
6.5Medium risk
Vulners AI Score6.5
CVSS 22.1
EPSS0.00371
apache mod_auth_openidsession stealingvulnerabilitycve-2012-2760filesystem accesssecurity advisory
31