12 matches found
EUVD-2014-2714
Malware in sbrugna...
EUVD-2014-2713
Malware in sbrugna...
ZendOpenID potential security issue in login mechanism
Using the Consumer component of ZendOpenId (or Zend_OpenId in ZF1), it is possible to log in using an arbitrary OpenID account without knowing any secret information by using a malicious OpenID Provider. That means it is possible to log in using an arbitrary OpenID identity, MyOpenID, Google, etc,...
GHSA-3X57-M5P4-RGH4 ZendOpenID potential security issue in login mechanism
Using the Consumer component of ZendOpenId (or Zend_OpenId in ZF1), it is possible to log in using an arbitrary OpenID account without knowing any secret information by using a malicious OpenID Provider. That means it is possible to log in using an arbitrary OpenID identity, MyOpenID, Google, etc,...
Several Zend Products Vulnerable to XXE and XEE attacks
Zend Framework 1 (ZF1) before 1.12.4, Zend Framework 2 before 2.1.6 and 2.2.x before 2.2.6, ZendOpenId, ZendRest, ZendService_AudioScrobbler, ZendService_Nirvanix, ZendService_SlideShare, ZendService_Technorati, and ZendService_WindowsAzure before 2.0.2, ZendService_Amazon before 2.0.3, and ZendService_Ap...
Authentication Bypass
zendframework/zendframework1 and zendframework/zendopenid are vulnerable to authentication bypass. The consumer classes only ensure that at least one field is signed, allowing attackers to leverage this assertion to bypass authentication...
CVE-2014-2684
The GenericConsumer class in the Consumer component in ZendOpenId before 2.0.2 and the Zend_OpenId_Consumer class in Zend Framework 1 before 1.12.4 does not verify that the openid_op_endpoint value identifies the same Identity Provider as the provider used in the association handle, which allows remo...
CVE-2014-2684
CVE-2014-2684 affects ZendOpenId (GenericConsumer in the Consumer component) up to version 2.0.2 and Zend Framework 1 up to 1.12.3/1.12.4, where there is a failure to verify that the openid_op_endpoint corresponds to the same Identity Provider used in the association handle. This allows an attack...
CVE-2014-2685
The GenericConsumer class in the Consumer component in ZendOpenId before 2.0.2 and the Zend_OpenId_Consumer class in Zend Framework 1 before 1.12.4 violate the OpenID 2.0 protocol by ensuring only that at least one field is signed, which allows remote attackers to bypass authentication by leveragin...
CVE-2014-2685
The GenericConsumer class in the Consumer component in ZendOpenId before 2.0.2 and the Zend_OpenId_Consumer class in Zend Framework 1 before 1.12.4 violate the OpenID 2.0 protocol by ensuring only that at least one field is signed, which allows remote attackers to bypass authentication by leveragin...
Potential security issue in login mechanism of ZendOpenId and Zend_OpenId consumer
More info at https://framework.zend.com/security/advisory/ZF2014-02...
Potential security issue in login mechanism of ZendOpenId and Zend_OpenId consumer
More info at https://framework.zend.com/security/advisory/ZF2014-02...