← back
CVE-2012-0825

CVE-2012-0825

EPSS 2.0%
Drupal 6.x before 6.23 and 7.x before 7.11 does not verify that Attribute Exchange (AX) information is signed, which allows remote attackers to modify potentially sensitive AX information without detection via a man-in-the-middle (MITM) attack.
Affected products
n/a · n/a

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://openid.net/2011/05/05/attribute-exchange-security-alert/https://drupal.org/node/1425084http://www.debian.org/security/2013/dsa-2776