← volver
CVE-2010-3686

CVE-2010-3686

EPSS 2.4%
The OpenID module in Drupal 6.x before 6.18, and the OpenID module 5.x before 5.x-1.4 for Drupal, violates the OpenID 2.0 protocol by not ensuring that fields are signed, which allows remote attackers to bypass authentication by leveraging an assertion from an OpenID provider.
Productos afectados
n/a · n/a

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
http://drupal.org/node/880476http://drupal.org/node/880480http://marc.info/?l=oss-security&m=128418560705305&w=2http://marc.info/?l=oss-security&m=128440896914512&w=2http://www.debian.org/security/2010/dsa-2113http://www.securityfocus.com/bid/42388