Vulnerabilities

CVE-2010-3685

by Fred · 29/09/2010

The OpenID module in Drupal 6.x before 6.18, and the OpenID module 5.x before 5.x-1.4 for Drupal, violates the OpenID 2.0 protocol by not checking for reuse of openid.response_nonce values, which allows remote attackers to bypass authentication by leveraging an assertion from an OpenID provider.

Date published : 2010-09-29

http://www.securityfocus.com/bid/42388

http://drupal.org/node/880476

Related

Tags: Cybersecurity Alert