openid/php-openid is vulnerable to authentication hijack. `examples/consumer/common.php` incorrectly checks the `openid.realm` parameter against the `SERVER_NAME` element. This can be leveraged by attackers to hijack authentication through HTTP host headers.
CPE

Name | Operator | Version |
---|---|---|
openid/php-openid | le | 3.0.3 |
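
The realm check described above can be made independent of the request by taking the realm from configuration. The following is an added example, not code from php-openid: `CANONICAL_ORIGIN`, the function names and the sample `$_SERVER` arrays are hypothetical, and it assumes a server configuration in which `SERVER_NAME` follows the client's Host header.

```php
<?php
// Added example; CANONICAL_ORIGIN and every function name here are hypothetical.
const CANONICAL_ORIGIN = 'https://rp.example.test'; // assumed: set at deploy time

// Weak pattern: the realm is rebuilt from a value the request can influence.
function realmFromServerName(array $server): string
{
    $https = !empty($server['HTTPS']) && $server['HTTPS'] !== 'off';
    return ($https ? 'https' : 'http') . '://' . $server['SERVER_NAME'] . '/';
}

// Hardened: the realm comes from configuration and never from the request.
function realmFromConfig(): string
{
    return CANONICAL_ORIGIN . '/';
}

// Reject requests whose Host header is not the configured host (port ignored).
function hostIsCanonical(array $server): bool
{
    $expected = (string) parse_url(CANONICAL_ORIGIN, PHP_URL_HOST);
    $claimed  = strtolower((string) ($server['HTTP_HOST'] ?? ''));
    $claimed  = (string) preg_replace('/:\d+$/', '', $claimed);
    return hash_equals($expected, $claimed);
}

// Accept an openid.realm value only if it equals the configured realm.
function realmIsExpected(string $realm): bool
{
    return hash_equals(realmFromConfig(), $realm);
}

// Constructed $_SERVER snapshots: one normal, one with a forged Host header.
$requests = [
    'genuine' => ['HTTPS' => 'on', 'SERVER_NAME' => 'rp.example.test', 'HTTP_HOST' => 'rp.example.test'],
    'forged'  => ['HTTPS' => 'on', 'SERVER_NAME' => 'other.example.test', 'HTTP_HOST' => 'other.example.test'],
];

foreach ($requests as $label => $server) {
    $weak = realmFromServerName($server);
    printf(
        "%-8s weak realm=%s accepted by hardened check=%s host ok=%s\n",
        $label,
        $weak,
        realmIsExpected($weak) ? 'yes' : 'no',
        hostIsCanonical($server) ? 'yes' : 'no'
    );
}
```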