Vulnerabilities

CVE-2016-2049

by Fred · 01/02/2016

examples/consumer/common.php in JanRain PHP OpenID library (aka php-openid) improperly checks the openid.realm parameter against the SERVER_NAME element in the SERVER superglobal array, which might allow remote attackers to hijack the authentication of arbitrary users via vectors involving a crafted HTTP Host header.

Date published : 2016-02-01

http://www.openwall.com/lists/oss-security/2016/01/24/2

http://www.openwall.com/lists/oss-security/2016/01/24/5

Similar

Tags: Cybersecurity Alert