Описание
The OpenID module in Drupal 6.x before 6.18, and the OpenID module 5.x before 5.x-1.4 for Drupal, violates the OpenID 2.0 protocol by not checking for reuse of openid.response_nonce values, which allows remote attackers to bypass authentication by leveraging an assertion from an OpenID provider.
| Релиз | Статус | Примечание |
|---|---|---|
| dapper | DNE | |
| devel | DNE | |
| hardy | released | 5.7-1ubuntu1.3 |
| jaunty | ignored | end of life |
| karmic | released | 5.18-1.1ubuntu2.2 |
| lucid | DNE | |
| maverick | DNE | |
| natty | DNE | |
| upstream | released | 5.23 |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| dapper | DNE | |
| devel | not-affected | |
| hardy | DNE | |
| jaunty | ignored | end of life |
| karmic | ignored | end of life |
| lucid | released | 6.16-1ubuntu0.1 |
| maverick | not-affected | 6.18-1ubuntu1 |
| natty | not-affected | |
| upstream | released | 6.18-1 |
Показывать по
Ссылки на источники
EPSS
5 Medium
CVSS2
Связанные уязвимости
The OpenID module in Drupal 6.x before 6.18, and the OpenID module 5.x before 5.x-1.4 for Drupal, violates the OpenID 2.0 protocol by not checking for reuse of openid.response_nonce values, which allows remote attackers to bypass authentication by leveraging an assertion from an OpenID provider.
The OpenID module in Drupal 6.x before 6.18, and the OpenID module 5.x ...
The OpenID module in Drupal 6.x before 6.18, and the OpenID module 5.x before 5.x-1.4 for Drupal, violates the OpenID 2.0 protocol by not checking for reuse of openid.response_nonce values, which allows remote attackers to bypass authentication by leveraging an assertion from an OpenID provider.
EPSS
5 Medium
CVSS2