OpenID Authentication Bypass Vulnerability in Drupal

CVE-2010-3686 · MEDIUM Severity

AV:N/AC:L/Au:N/C:N/I:P/A:N

The OpenID module in Drupal 6.x before 6.18, and the OpenID module 5.x before 5.x-1.4 for Drupal, violates the OpenID 2.0 protocol by not ensuring that fields are signed, which allows remote attackers to bypass authentication by leveraging an assertion from an OpenID provider.
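
The check whose absence is described above, as an added example in Python (not Drupal's code): a relying party rejects a positive assertion unless openid.signed covers the fields OpenID 2.0 section 10.1 requires, and only then verifies the signature. The HMAC-SHA256 association, the key, the URLs and the nonce are constructed assumptions.

```python
import base64
import hashlib
import hmac

# OpenID 2.0 section 10.1: openid.signed MUST list these fields, plus
# claimed_id and identity whenever they appear in the response.
REQUIRED_SIGNED = ("op_endpoint", "return_to", "response_nonce", "assoc_handle")
SIGNED_IF_PRESENT = ("claimed_id", "identity")

def unsigned_required_fields(params):
    """Return the required fields that openid.signed does not cover."""
    signed = [f for f in params.get("openid.signed", "").split(",") if f]
    missing = [f for f in REQUIRED_SIGNED if f not in signed]
    missing += [f for f in SIGNED_IF_PRESENT
                if "openid." + f in params and f not in signed]
    return missing

def sign(params, mac_key):
    """HMAC-SHA256 over the key-value form of the fields in openid.signed."""
    signed = params["openid.signed"].split(",")
    kv = "".join("%s:%s\n" % (f, params["openid." + f]) for f in signed)
    digest = hmac.new(mac_key, kv.encode("utf-8"), hashlib.sha256).digest()
    return base64.b64encode(digest).decode("ascii")

def verify_assertion(params, mac_key):
    """Accept only if the signature is valid AND covers the required fields."""
    if unsigned_required_fields(params):
        return False
    try:
        expected = sign(params, mac_key)
    except KeyError:  # a field named in openid.signed is absent
        return False
    received = params.get("openid.sig", "")
    return hmac.compare_digest(expected.encode(), received.encode())

# Constructed sample data: key, URLs and nonce are illustrative only.
MAC_KEY = b"constructed-association-key"
BASE = {
    "openid.op_endpoint": "https://op.example/endpoint",
    "openid.return_to": "https://rp.example/openid/return",
    "openid.response_nonce": "2010-01-01T00:00:00Zabc123",
    "openid.assoc_handle": "handle-1",
    "openid.claimed_id": "https://op.example/user/alice",
    "openid.identity": "https://op.example/user/alice",
}
def build(fields):  # constructed provider response that signs only `fields`
    msg = dict(BASE, **{"openid.signed": ",".join(fields)})
    msg["openid.sig"] = sign(msg, MAC_KEY)
    return msg
GOOD = build(REQUIRED_SIGNED + SIGNED_IF_PRESENT)
PARTIAL = build(REQUIRED_SIGNED)  # valid HMAC, but identity fields not covered
```

PARTIAL carries a correct signature yet is rejected, because a valid HMAC says nothing about fields that were left out of openid.signed.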
