Peter Wolanin, Openid, 5.x-1.x

5 matches found

added 2010/09/29 5:0 p.m., 55 views

CVE-2010-3091

The OpenID module in Drupal 6.x before 6.18, and the OpenID module 5.x before 5.x-1.4 for Drupal, violates the OpenID 2.0 protocol by not verifying the openid.return_to value, which allows remote attackers to bypass authentication by leveraging an assertion from an OpenID provider.

CVSS 5, AI score 6.9, EPSS 0.0073
added 2010/09/29 5:0 p.m., 50 views

CVE-2010-3686

The OpenID module in Drupal 6.x before 6.18, and the OpenID module 5.x before 5.x-1.4 for Drupal, violates the OpenID 2.0 protocol by not ensuring that fields are signed, which allows remote attackers to bypass authentication by leveraging an assertion from an OpenID provider.

CVSS 5, AI score 7, EPSS 0.0073
added 2010/09/29 5:0 p.m., 47 views

CVE-2010-3685

The OpenID module in Drupal 6.x before 6.18, and the OpenID module 5.x before 5.x-1.4 for Drupal, violates the OpenID 2.0 protocol by not checking for reuse of openid.response_nonce values, which allows remote attackers to bypass authentication by leveraging an assertion from an OpenID provider.

CVSS 5, AI score 7, EPSS 0.0073
added 2009/06/27 6:47 p.m., 28 views

CVE-2008-6835

Cross-site scripting (XSS) vulnerability in OpenID 5.x before 5.x-1.2, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CVSS 4.3, AI score 5.9, EPSS 0.00319
added 2009/06/27 6:47 p.m., 27 views

CVE-2008-6836

Cross-site request forgery (CSRF) vulnerability in OpenID 5.x before 5.x-1.2, a module for Drupal, allows remote attackers to hijack the authentication of unspecified victims to delete OpenID identities via unknown vectors.

CVSS 6.8, AI score 7.3, EPSS 0.00147