VYPR

Openid

by Peter Wolanin

CVEs (9)

  • CVE-2008-3280May 21, 2021
    risk 0.03cvss epss 0.04

    It was found that various OpenID Providers (OPs) had TLS Server Certificates that used weak keys, as a result of the Debian Predictable Random Number Generator (CVE-2008-0166). In combination with the DNS Cache Poisoning issue (CVE-2008-1447) and the fact that almost all SSL/TLS…

  • CVE-2007-5173Oct 3, 2007
    risk 0.03cvss epss 0.03

    PHP remote file inclusion vulnerability in includes/openid/Auth/OpenID/BBStore.php in phpBB Openid 0.2.0 allows remote attackers to execute arbitrary PHP code via a URL in the openid_root_path parameter.

  • CVE-2010-3686Sep 29, 2010
    risk 0.00cvss epss 0.02

    The OpenID module in Drupal 6.x before 6.18, and the OpenID module 5.x before 5.x-1.4 for Drupal, violates the OpenID 2.0 protocol by not ensuring that fields are signed, which allows remote attackers to bypass authentication by leveraging an assertion from an OpenID provider.

  • CVE-2010-3685Sep 29, 2010
    risk 0.00cvss epss 0.02

    The OpenID module in Drupal 6.x before 6.18, and the OpenID module 5.x before 5.x-1.4 for Drupal, violates the OpenID 2.0 protocol by not checking for reuse of openid.response_nonce values, which allows remote attackers to bypass authentication by leveraging an assertion from an…

  • CVE-2010-3091Sep 29, 2010
    risk 0.00cvss epss 0.02

    The OpenID module in Drupal 6.x before 6.18, and the OpenID module 5.x before 5.x-1.4 for Drupal, violates the OpenID 2.0 protocol by not verifying the openid.return_to value, which allows remote attackers to bypass authentication by leveraging an assertion from an OpenID…

  • CVE-2008-6836Jun 27, 2009
    risk 0.00cvss epss 0.01

    Cross-site request forgery (CSRF) vulnerability in OpenID 5.x before 5x.-1.2, a module for Drupal, allows remote attackers to hijack the authentication of unspecified victims to delete OpenID identities via unknown vectors.

  • CVE-2008-6835Jun 27, 2009
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in OpenID 5.x before 5.x-1.2, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

  • CVE-2007-1651Mar 24, 2007
    risk 0.00cvss epss 0.01

    Cross-site request forgery (CSRF) vulnerability in OpenID allows remote attackers to restore the login session of a user on an OpenID enabled site via unspecified vectors related to an arbitrary remote web site and cached tokens, after the user has signed into an OpenID server,…

  • CVE-2007-1652Mar 24, 2007
    risk 0.00cvss epss 0.01

    OpenID allows remote attackers to forcibly log a user into an OpenID enabled site, divulge the user's personal information to this site, and add it site to the trusted sites list via a crafted web page, related to cached tokens.