VYPR
Unrated severityNVD Advisory· Published Sep 29, 2010· Updated Jun 16, 2026

CVE-2010-3686

CVE-2010-3686

Description

The OpenID module in Drupal 6.x before 6.18, and the OpenID module 5.x before 5.x-1.4 for Drupal, violates the OpenID 2.0 protocol by not ensuring that fields are signed, which allows remote attackers to bypass authentication by leveraging an assertion from an OpenID provider.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

33
  • Drupal/Drupal27 versions
    cpe:2.3:a:drupal:drupal:6.0:*:*:*:*:*:*:*+ 26 more
    • cpe:2.3:a:drupal:drupal:6.0:*:*:*:*:*:*:*
    • cpe:2.3:a:drupal:drupal:6.0:beta1:*:*:*:*:*:*
    • cpe:2.3:a:drupal:drupal:6.0:beta2:*:*:*:*:*:*
    • cpe:2.3:a:drupal:drupal:6.0:beta3:*:*:*:*:*:*
    • cpe:2.3:a:drupal:drupal:6.0:beta4:*:*:*:*:*:*
    • cpe:2.3:a:drupal:drupal:6.0:dev:*:*:*:*:*:*
    • cpe:2.3:a:drupal:drupal:6.0:rc1:*:*:*:*:*:*
    • cpe:2.3:a:drupal:drupal:6.0:rc2:*:*:*:*:*:*
    • cpe:2.3:a:drupal:drupal:6.0:rc3:*:*:*:*:*:*
    • cpe:2.3:a:drupal:drupal:6.0:rc4:*:*:*:*:*:*
    • cpe:2.3:a:drupal:drupal:6.1:*:*:*:*:*:*:*
    • cpe:2.3:a:drupal:drupal:6.10:*:*:*:*:*:*:*
    • cpe:2.3:a:drupal:drupal:6.11:*:*:*:*:*:*:*
    • cpe:2.3:a:drupal:drupal:6.12:*:*:*:*:*:*:*
    • cpe:2.3:a:drupal:drupal:6.13:*:*:*:*:*:*:*
    • cpe:2.3:a:drupal:drupal:6.14:*:*:*:*:*:*:*
    • cpe:2.3:a:drupal:drupal:6.15:*:*:*:*:*:*:*
    • cpe:2.3:a:drupal:drupal:6.16:*:*:*:*:*:*:*
    • cpe:2.3:a:drupal:drupal:6.17:*:*:*:*:*:*:*
    • cpe:2.3:a:drupal:drupal:6.2:*:*:*:*:*:*:*
    • cpe:2.3:a:drupal:drupal:6.3:*:*:*:*:*:*:*
    • cpe:2.3:a:drupal:drupal:6.4:*:*:*:*:*:*:*
    • cpe:2.3:a:drupal:drupal:6.5:*:*:*:*:*:*:*
    • cpe:2.3:a:drupal:drupal:6.6:*:*:*:*:*:*:*
    • cpe:2.3:a:drupal:drupal:6.7:*:*:*:*:*:*:*
    • cpe:2.3:a:drupal:drupal:6.8:*:*:*:*:*:*:*
    • cpe:2.3:a:drupal:drupal:6.9:*:*:*:*:*:*:*
  • cpe:2.3:a:peter_wolanin:openid:5.x-1.0:*:*:*:*:*:*:*+ 4 more
    • cpe:2.3:a:peter_wolanin:openid:5.x-1.0:*:*:*:*:*:*:*
    • cpe:2.3:a:peter_wolanin:openid:5.x-1.1:*:*:*:*:*:*:*
    • cpe:2.3:a:peter_wolanin:openid:5.x-1.2:*:*:*:*:*:*:*
    • cpe:2.3:a:peter_wolanin:openid:5.x-1.3:*:*:*:*:*:*:*
    • cpe:2.3:a:peter_wolanin:openid:5.x-1.x:dev:*:*:*:*:*:*
  • Drupal/Openidllm-fuzzy
    Range: <6.18 (for Drupal 6.x) or <5.x-1.4 (for Drupal 5.x)

Patches

Vulnerability mechanics

References

6

News mentions

0

No linked articles in our index yet.