Page 2 of 6 results (0.005 seconds)

CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 0

The OpenID 5.x-1.0 and earlier module for Drupal does not properly verify the claimed_id returned by an OpenID provider, which allows remote OpenID providers to spoof OpenID authentication for domains associated with other providers. El módulo OpenID 5.x-1.0 y anteriores de Drupal no verifica correctamente el claimed_id devuelto por un proveedor OpenID, lo cual permite a proveedores remotos OpenID falsificar autenticaciones OpenID en dominios asociados con otros proveedores. • http://drupal.org/node/216022 http://secunia.com/advisories/28717 http://www.securityfocus.com/bid/27542 http://www.vupen.com/english/advisories/2008/0373/references • CWE-20: Improper Input Validation •