← back
CVE-2010-3686

CVE-2010-3686

EPSS 2.4%
The OpenID module in Drupal 6.x before 6.18, and the OpenID module 5.x before 5.x-1.4 for Drupal, violates the OpenID 2.0 protocol by not ensuring that fields are signed, which allows remote attackers to bypass authentication by leveraging an assertion from an OpenID provider.
Affected products
n/a · n/a

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://drupal.org/node/880476http://drupal.org/node/880480http://marc.info/?l=oss-security&m=128418560705305&w=2http://marc.info/?l=oss-security&m=128440896914512&w=2http://www.debian.org/security/2010/dsa-2113http://www.securityfocus.com/bid/42388