Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

Mod_Auth_OpenID Session Stealing Vulnerability

🗓️ 24 May 2012 00:00:00Reported by Peter EllehaugeType 
zdt
 zdt🔗 0day.today👁 18 Views

Mod_Auth_OpenID Session Stealing Vulnerability, May 2012, all versions prior to mod_auth_openid-0.7, CVE-2012-276

Related
Code
ReporterTitlePublishedViews
Family
Circl		CVE-2012-2760
24 May 201200:00
circl
CVE		CVE-2012-2760
25 Jul 201219:00
cve
Cvelist		CVE-2012-2760
25 Jul 201219:00
cvelist
Debian CVE		CVE-2012-2760
25 Jul 201219:00
debiancve
Exploit DB		Apache Mod_Auth_OpenID - Session Stealing
24 May 201200:00
exploitdb
EUVD		EUVD-2012-2740
7 Oct 202500:30
euvd
exploitpack		Apache Mod_Auth_OpenID - Session Stealing
24 May 201200:00
exploitpack
NVD		CVE-2012-2760
25 Jul 201219:55
nvd
OSV		DEBIAN-CVE-2012-2760
25 Jul 201219:55
osv
Packet Storm		Mod_Auth_OpenID Session Stealing
23 May 201200:00
packetstorm
Rows per page
# Security Advisory 1201
    Summary           : Session stealing
    Date              : May 2012
    Affected versions : all versions prior to mod_auth_openid-0.7
    ID                : mod_auth_openid-1201
    CVE reference     : CVE-2012-2760
 
# Details
Session ids are stored insecurely in /tmp/mod_auth_openid.db (default
filename). The db is world readable and the session ids are stored
unencrypted.
 
# Impact
If a user has access to the filesystem on the mod_auth_openid server,
they can steal all of the current openid authenticated sessions
 
# Workarounds
A quick improvement of the situation is to chmod 0400 the DB file.
Default location is /tmp/mod_auth_openid.db unless another location
has been configured in AuthOpenIDDBLocation.
 
# Solution
Upgrade to mod_auth_openid-0.7 or later:
http://findingscience.com/mod_auth_openid/releases
 
# Credits
This vulnerability was reported by Peter Ellehauge, ptr at groupon dot
com. Fixed by Brian Muller bmuller at gmail dot com
 
# References
mod_auth_openid project: http://findingscience.com/mod_auth_openid/
 
# History
15 May 2012
Discovered the vulnerability. Created private patch.
 
16 May 2012
Notified maintainer.
Obtained CVE-id
 
22 May 2012
Fixed by Brian Muller (bmuller at gmail dot com) in
mod_auth_openid-0.7 -
https://github.com/bmuller/mod_auth_openid/blob/master/ChangeLog
 
-- 
ptr



#  0day.today [2018-02-09]  #

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
24 May 2012 00:00Current
6.8Medium risk
Vulners AI Score6.8
EPSS0.00371
session stealinginsecure storagefilesystem accessauthenticationvulnerabilitysolutionupgradecve-2012-2760patchreportcreditmod_auth_openid
18