Man-in-the-Middle (MitM)

python-openid is vulnerable to man-in-the-middle MitM attacks. The vulnerability exists due to the usage of urllib2 which does not perform the verification of SSL Certificates. This defeats the purpose of SSL Certificates, allowing tampered connections to succeed and to happen unnoticed...

Denial Of Service (DoS)

python-openid is vulnerable to Denial of Service DoS attacks. The vulnerability exists due to the usage of an insecure Yardis XRDS parser which contains a series of weaknesses that allows XML attacks such as the Billion Laugh attack...