Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

Mod_Auth_OpenID Session Stealing

🗓️ 23 May 2012 00:00:00Reported by Peter EllehaugeType 
packetstorm
 packetstorm🔗 packetstormsecurity.com👁 27 Views

Mod_Auth_OpenID Session Stealing advisor

Related
Code
ReporterTitlePublishedViews
Family
0day.today		Mod_Auth_OpenID Session Stealing Vulnerability
24 May 201200:00
zdt
Circl		CVE-2012-2760
24 May 201200:00
circl
CVE		CVE-2012-2760
25 Jul 201219:00
cve
Cvelist		CVE-2012-2760
25 Jul 201219:00
cvelist
Debian CVE		CVE-2012-2760
25 Jul 201219:00
debiancve
Exploit DB		Apache Mod_Auth_OpenID - Session Stealing
24 May 201200:00
exploitdb
EUVD		EUVD-2012-2740
7 Oct 202500:30
euvd
exploitpack		Apache Mod_Auth_OpenID - Session Stealing
24 May 201200:00
exploitpack
NVD		CVE-2012-2760
25 Jul 201219:55
nvd
OSV		DEBIAN-CVE-2012-2760
25 Jul 201219:55
osv
Rows per page
`https://github.com/paranoid/mod_auth_openid/blob/master/CVE-2012-2760.markdown  
  
  
# Security Advisory 1201  
Summary : Session stealing  
Date : May 2012  
Affected versions : all versions prior to mod_auth_openid-0.7  
ID : mod_auth_openid-1201  
CVE reference : CVE-2012-2760  
  
# Details  
Session ids are stored insecurely in /tmp/mod_auth_openid.db (default  
filename). The db is world readable and the session ids are stored  
unencrypted.  
  
# Impact  
If a user has access to the filesystem on the mod_auth_openid server,  
they can steal all of the current openid authenticated sessions  
  
# Workarounds  
A quick improvement of the situation is to chmod 0400 the DB file.  
Default location is /tmp/mod_auth_openid.db unless another location  
has been configured in AuthOpenIDDBLocation.  
  
# Solution  
Upgrade to mod_auth_openid-0.7 or later:  
http://findingscience.com/mod_auth_openid/releases  
  
# Credits  
This vulnerability was reported by Peter Ellehauge, ptr at groupon dot  
com. Fixed by Brian Muller bmuller at gmail dot com  
  
# References  
mod_auth_openid project: http://findingscience.com/mod_auth_openid/  
  
# History  
15 May 2012  
Discovered the vulnerability. Created private patch.  
  
16 May 2012  
Notified maintainer.  
Obtained CVE-id  
  
22 May 2012  
Fixed by Brian Muller (bmuller at gmail dot com) in  
mod_auth_openid-0.7 -  
https://github.com/bmuller/mod_auth_openid/blob/master/ChangeLog  
  
--   
ptr  
`

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
23 May 2012 00:00Current
6.5Medium risk
Vulners AI Score6.5
EPSS0.00371
session stealingmod_auth_openidcve-2012-2760insecure storageworld readableunencryptedauthopeniddblocationchmod 0400filesystem accessbrian mullerpeter ellehauge
27