5 matches found
CVE-2010-3686
The CVE-2010-3686 issue affects Drupal 6.x OpenID module before 6.18 and OpenID module 5.x before 5.x-1.4, where OpenID fields aren’t consistently signed, allowing remote attackers to bypass authentication via an OpenID provider assertion. Fixes are available: upgrade Drupal/OpenID to 6.18+ (and ...
CVE-2010-3091
CVE-2010-3091 affects Drupal's OpenID integration: Drupal 6.x prior to 6.18 and OpenID module 5.x prior to 5.x-1.4 do not verify openid.return_to, allowing an attacker to bypass authentication using an OpenID provider assertion. The issue is a protocol-level validation flaw in the OpenID flow. Pu...
CVE-2010-3685
Summary of CVE-2010-3685 : The OpenID module in Drupal 6.x before 6.18 and the OpenID module 5.x before 5.x-1.4 fail to validate reuse of openid.response_nonce values, enabling remote attackers to bypass authentication by leveraging an assertion from an OpenID provider. This is a protocol-level f...
CVE-2008-6835
OpenID 5.x module for Drupal is affected by CVE-2008-6835. The vulnerability is a Cross-site Scripting (XSS) flaw in OpenID 5.x before 5.x-1.2 that allows remote attackers to inject arbitrary script or HTML via unspecified vectors. The affected product is Drupal’s OpenID 5.x module; root cause is...
CVE-2008-6836
CVE-2008-6836 describes a CSRF vulnerability in the OpenID 5.x Drupal module (versions before 5x.-1.2) that allows remote attackers to hijack user authentication and delete OpenID identities via unspecified vectors. Affected software is the OpenID Drupal module; the root cause is a CSRF flaw in t...