Description
The OpenID module in Drupal 6.x before 6.18, and the OpenID module 5.x before 5.x-1.4 for Drupal, violates the OpenID 2.0 protocol by not checking for reuse of openid.response_nonce values, which allows remote attackers to bypass authentication by leveraging an assertion from an OpenID provider.
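The missing check, sketched as an added example (not Drupal's code and not taken from the advisory): a relying party records each `openid.response_nonce` per OP endpoint after the assertion's signature has verified, and rejects any repeat. The `NonceStore` class, the five-minute window, and the sample endpoint and nonce values are assumptions made for illustration.

```python
import re
from datetime import datetime, timedelta, timezone

# OpenID 2.0: the nonce starts with a UTC timestamp ("Z" suffix) and may be
# followed by ASCII characters 33-126; 255 characters at most in total.
NONCE_RE = re.compile(r"(\d{4}-\d\d-\d\dT\d\d:\d\d:\d\dZ)[\x21-\x7e]*")
MAX_SKEW = timedelta(minutes=5)  # assumed acceptance window, not from the page


class NonceStore:
    """Hypothetical in-memory replay cache keyed by (OP endpoint, nonce).
    A deployed relying party needs a shared store with an atomic insert."""

    def __init__(self):
        self._seen = {}  # (op_endpoint, nonce) -> timestamp carried in the nonce

    def check_and_store(self, op_endpoint, nonce, now=None):
        """Call only after the assertion's signature has been verified."""
        now = now or datetime.now(timezone.utc)
        m = NONCE_RE.fullmatch(nonce) if len(nonce) <= 255 else None
        if not m:
            return (False, "malformed nonce")
        try:
            ts = datetime.strptime(m.group(1), "%Y-%m-%dT%H:%M:%SZ")
        except ValueError:  # e.g. month 13
            return (False, "malformed nonce")
        ts = ts.replace(tzinfo=timezone.utc)
        if abs(now - ts) > MAX_SKEW:
            return (False, "timestamp outside window")
        # Entries older than the window can be dropped: a later reuse of them
        # is already rejected by the timestamp check above.
        self._seen = {k: t for k, t in self._seen.items() if now - t <= MAX_SKEW}
        key = (op_endpoint, nonce)
        if key in self._seen:
            return (False, "replayed nonce")
        self._seen[key] = ts
        return (True, "accepted")


def demo():
    """Constructed inputs: the endpoint URLs and nonce strings are made up."""
    store = NonceStore()
    now = datetime(2010, 8, 11, 12, 0, 30, tzinfo=timezone.utc)
    op, nonce = "https://op.example/endpoint", "2010-08-11T12:00:00ZaB3xQ9"
    return [store.check_and_store(op, nonce, now),   # first use
            store.check_and_store(op, nonce, now),   # same assertion replayed
            store.check_and_store("https://other.example/op", nonce, now),
            store.check_and_store(op, "2010-08-11T11:00:00Zold", now),
            store.check_and_store(op, "not-a-nonce", now)]
```

Uniqueness is tracked per OP endpoint, so the same nonce string arriving from a different provider is not treated as a replay.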
Remediation
References