Description

The OpenID module in Drupal 6.x before 6.18, and the OpenID module 5.x before 5.x-1.4 for Drupal, violates the OpenID 2.0 protocol by not verifying the openid.return_to value, which allows remote attackers to bypass authentication by leveraging an assertion from an OpenID provider.

Remediation

References

CVE-2010-3091

Related Vulnerabilities

IBM Lotus Domino web server Cross-Site Scripting vulnerabilities

WordPress Plugin HubSpot All-In-One Marketing-Forms, Popups, Live Chat Cross-Site Scripting (7.5.5)

WordPress Plugin Listing, Classified Ads & Business Directory-uListing Arbitrary File Upload (1.2.1)

WordPress Plugin Email Before Download SQL Injection (6.7)

WordPress Plugin WP Product Review Lite Unspecified Vulnerability (3.7.6)

Severity

Medium

Classification

CVE-2010-3091 CWE-287

Tags

Missing Update Known Vulnerabilities