9 matches found
EUVD-2013-4131
Malware in sbrugna...
Cross-site request forgery (CSRF)
Cross-site request forgery (CSRF) vulnerability in the personaxsrftoken function in persona.module in the Mozilla Persona module 7.x-1.x before 7.x-1.11 for Drupal allows remote attackers to hijack the authentication of arbitrary users via a security token that is not a string data type...
CVE-2013-4227
Cross-site request forgery (CSRF) vulnerability in the personaxsrftoken function in persona.module in the Mozilla Persona module 7.x-1.x before 7.x-1.11 for Drupal allows remote attackers to hijack the authentication of arbitrary users via a security token that is not a string data type...
Authentication flaw
The BrowserID Mozilla Persona module 7.x-1.x before 7.x-1.3 for Drupal allows remote attackers to hijack the authentication of arbitrary users via the audience identifier...
CVE-2012-2714
The CVE-2012-2714 entry concerns the Drupal BrowserID (Mozilla Persona) module for Drupal 7.x-1.x, vulnerable before 7.x-1.3. The underlying issue is insufficient validation of authentication requests, allowing remote attackers to hijack arbitrary user authentication via the audience identifier. ...
SA-CONTRIB-2013-064 - Persona - Cross site request forgery (CSRF)
This module enables users to sign into a Drupal website using Mozilla Persona. The module uses a security token to ensure that a sign-in request is made from a web page that is participating in the current session. It was possible for a security token that was not of type "string" to be accepted ...
MozTrap Open Redirect
Title: moztrap.mozilla.org URL Redirection Vulnerability | Discovery Date: 15/04/13 | Release Date: 13/06/13 | Author: Junaid Hussain illSecure Research Group | Contact: [email protected] | Website: illSecure.com | Risk: Low...
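Drupal 'BrowserID' Cross-Site Request Forgery and Security Bypass Vulnerabilities
Drupal is an open-source CMS that can serve as a content management platform for all kinds of websites. The BrowserID (Mozilla Persona) module for Drupal contains a cross-site request forgery vulnerability and a security bypass vulnerability. Attackers can exploit these vulnerabilities to bypass security restrictions and then obtain sensitive information, or perform unauthorized actions and gain access to the affected application, which may lead to further attacks. These vulnerabilities exist in BrowserID (Mozilla Persona) 7.x-1.x versions before 7.x-1.3. 0 7.x-1.x Vendor solution: the vendor has released an upgrade patch that fixes this security issue; the patch is available at: http://drupal.org/node/1597414...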
SA-CONTRIB-2012-085 - BrowserID - Multiple Vulnerabilities
CSRF Issue: CVE: CVE-2012-2713 BrowserID login theft: CVE: CVE-2012-2714 The BrowserID module provides integration with BrowserID also known as Mozilla Persona -- a Mozilla project that lets users of your site quickly and easily log in without needing to remember a password specific to your site...