OpenID Security Vulnerabilities


CVE-2008-3280

It was found that various OpenID Providers (OPs) had TLS Server Certificates that used weak keys, as a result of the Debian Predictable Random Number Generator (CVE-2008-0166). In combination with the DNS Cache Poisoning issue (CVE-2008-1447) and the fact that almost all SSL/TLS implementations do....

CVSS 5.9 | AI Score 6.7 | EPSS 0.133 | 2021-05-21 08:15 PM

CVE-2020-26244

Python oic is a Python OpenID Connect implementation. In Python oic before version 1.2.1, there are several related cryptographic issues affecting client implementations that use the library. The issues are: 1) The IdToken signature algorithm was not checked automatically, but only if the expected....

CVSS 6.8 | AI Score 6.5 | EPSS 0.002 | 2020-12-02 08:15 PM

CVE-2019-11027

Ruby OpenID (aka ruby-openid) through 2.8.0 has a remotely exploitable flaw. This library is used by Rails web applications to integrate with OpenID Providers. Severity can range from medium to critical, depending on how a web application developer chose to employ the ruby-openid library....

CVSS 9.8 | AI Score 9.2 | EPSS 0.005 | 2019-06-10 07:29 PM

CVE-2019-9837

Doorkeeper::OpenidConnect (aka the OpenID Connect extension for Doorkeeper) 1.4.x and 1.5.x before 1.5.4 has an open redirect via the redirect_uri field in an OAuth authorization request (that results in an error response) with the 'openid' scope and a prompt=none value. This allows phishing...

CVSS 6.1 | AI Score 6.1 | EPSS 0.001 | 2019-03-21 04:01 PM

CVE-2011-4314

message/ax/AxMessage.java in OpenID4Java before 0.9.6 final, as used in JBoss Enterprise Application Platform 5.1 before 5.1.2, Step2, Kay Framework before 1.0.2, and possibly other products does not verify that Attribute Exchange (AX) information is signed, which allows remote attackers to modify....

AI Score 6.1 | EPSS 0.005 | 2012-01-27 03:55 PM

CVE-2007-5173

PHP remote file inclusion vulnerability in includes/openid/Auth/OpenID/BBStore.php in phpBB Openid 0.2.0 allows remote attackers to execute arbitrary PHP code via a URL in the openid_root_path...

AI Score 7.5 | EPSS 0.09 | 2007-10-03 02:17 PM

CVE-2007-1652

OpenID allows remote attackers to forcibly log a user into an OpenID enabled site, divulge the user's personal information to this site, and add the site to the trusted sites list via a crafted web page, related to cached...

AI Score 6.3 | EPSS 0.025 | 2007-03-24 12:19 AM

CVE-2007-1651

Cross-site request forgery (CSRF) vulnerability in OpenID allows remote attackers to restore the login session of a user on an OpenID enabled site via unspecified vectors related to an arbitrary remote web site and cached tokens, after the user has signed into an OpenID server, logged into the...

AI Score 6.9 | EPSS 0.025 | 2007-03-24 12:19 AM