← voltar
CVE-2010-3091

CVE-2010-3091

EPSS 2.4%
The OpenID module in Drupal 6.x before 6.18, and the OpenID module 5.x before 5.x-1.4 for Drupal, violates the OpenID 2.0 protocol by not verifying the openid.return_to value, which allows remote attackers to bypass authentication by leveraging an assertion from an OpenID provider.
Produtos afetados
n/a · n/a

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
http://drupal.org/node/880476http://drupal.org/node/880480http://marc.info/?l=oss-security&m=128418560705305&w=2http://marc.info/?l=oss-security&m=128440896914512&w=2http://www.debian.org/security/2010/dsa-2113http://www.securityfocus.com/bid/42388