Unrated severityNVD Advisory· Published Jul 25, 2012· Updated Apr 29, 2026
CVE-2012-2760
CVE-2012-2760
Description
mod_auth_openid before 0.7 for Apache uses world-readable permissions for /tmp/mod_auth_openid.db, which allows local users to obtain session ids.
Affected products
7cpe:2.3:a:findingscience:mod_auth_openid:0.1:*:*:*:*:apache:*:*+ 6 more
- cpe:2.3:a:findingscience:mod_auth_openid:0.1:*:*:*:*:apache:*:*
- cpe:2.3:a:findingscience:mod_auth_openid:0.2.1:*:*:*:*:apache:*:*
- cpe:2.3:a:findingscience:mod_auth_openid:0.2:*:*:*:*:apache:*:*
- cpe:2.3:a:findingscience:mod_auth_openid:0.3:*:*:*:*:apache:*:*
- cpe:2.3:a:findingscience:mod_auth_openid:0.4:*:*:*:*:apache:*:*
- cpe:2.3:a:findingscience:mod_auth_openid:0.5:*:*:*:*:apache:*:*
- cpe:2.3:a:findingscience:mod_auth_openid:*:*:*:*:*:apache:*:*range: <=0.6
Patches
12946ab6f7740Vulnerability mechanics
Generated by null/stub on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
10- secunia.com/advisories/49247nvdVendor Advisory
- archives.neohapsis.com/archives/fulldisclosure/2012-05/0235.htmlnvd
- packetstormsecurity.org/files/112991/Mod_Auth_OpenID-Session-Stealing.htmlnvd
- www.exploit-db.com/exploits/18917nvd
- www.mandriva.com/security/advisoriesnvd
- www.osvdb.org/82139nvd
- www.securityfocus.com/bid/53661nvd
- exchange.xforce.ibmcloud.com/vulnerabilities/75813nvd
- github.com/bmuller/mod_auth_openid/blob/master/ChangeLognvd
- github.com/bmuller/mod_auth_openid/pull/30nvd
News mentions
0No linked articles in our index yet.