Lucene search
+L
Peter WolaninOpenid

5 matches found

CVE
CVE
added 2010/09/29 4:0 p.m.75 views

CVE-2010-3686

The CVE-2010-3686 issue affects Drupal 6.x OpenID module before 6.18 and OpenID module 5.x before 5.x-1.4, where OpenID fields aren’t consistently signed, allowing remote attackers to bypass authentication via an OpenID provider assertion. Fixes are available: upgrade Drupal/OpenID to 6.18+ (and ...

5CVSS7AI score0.02372EPSS
CVE
CVE
added 2010/09/29 4:0 p.m.71 views

CVE-2010-3091

CVE-2010-3091 affects Drupal's OpenID integration: Drupal 6.x prior to 6.18 and OpenID module 5.x prior to 5.x-1.4 do not verify openid.return_to, allowing an attacker to bypass authentication using an OpenID provider assertion. The issue is a protocol-level validation flaw in the OpenID flow. Pu...

5CVSS6.9AI score0.02372EPSS
CVE
CVE
added 2010/09/29 4:0 p.m.63 views

CVE-2010-3685

Summary of CVE-2010-3685 : The OpenID module in Drupal 6.x before 6.18 and the OpenID module 5.x before 5.x-1.4 fail to validate reuse of openid.response_nonce values, enabling remote attackers to bypass authentication by leveraging an assertion from an OpenID provider. This is a protocol-level f...

5CVSS7AI score0.02372EPSS
CVE
CVE
added 2009/06/27 6:0 p.m.40 views

CVE-2008-6835

OpenID 5.x module for Drupal is affected by CVE-2008-6835. The vulnerability is a Cross-site Scripting (XSS) flaw in OpenID 5.x before 5.x-1.2 that allows remote attackers to inject arbitrary script or HTML via unspecified vectors. The affected product is Drupal’s OpenID 5.x module; root cause is...

4.3CVSS5.9AI score0.01065EPSS
CVE
CVE
added 2009/06/27 6:0 p.m.40 views

CVE-2008-6836

CVE-2008-6836 describes a CSRF vulnerability in the OpenID 5.x Drupal module (versions before 5x.-1.2) that allows remote attackers to hijack user authentication and delete OpenID identities via unspecified vectors. Affected software is the OpenID Drupal module; the root cause is a CSRF flaw in t...

6.8CVSS7.3AI score0.00629EPSS