Description
The OpenID module in Drupal 6.x before 6.18, and the OpenID module 5.x before 5.x-1.4 for Drupal, violates the OpenID 2.0 protocol by not verifying the openid.return_to value, which allows remote attackers to bypass authentication by leveraging an assertion from an OpenID provider.
Release | Status | Note |
---|---|---|
dapper | DNE | |
devel | not-affected | 6.18-1 |
hardy | DNE | |
jaunty | ignored | end of life |
karmic | ignored | end of life |
lucid | not-affected | 6.16-1 |
maverick | not-affected | 6.18-1 |
natty | not-affected | 6.18-1 |
upstream | released | 6.18-1, 6.16-1 |
CVSS2: 5 Medium