CVE-2012-2760

mod_auth_openid before 0.7 for Apache uses world-readable permissions for /tmp/mod_auth_openid.db, which allows local users to obtain session ids.

Date published : 2012-07-25

http://www.securityfocus.com/bid/53661

https://github.com/bmuller/mod_auth_openid/blob/master/ChangeLog