World-readable permissions for /tmp/mod_auth_openid.db in mod_auth_openid before 0.7 for Apache allow local users to obtain session ids

CVE-2012-2760 · LOW Severity

AV:L/AC:L/AU:N/C:P/I:N/A:N

mod_auth_openid before 0.7 for Apache uses world-readable permissions for /tmp/mod_auth_openid.db, which allows local users to obtain session ids.

Learn more about our Cis Benchmark Audit For Apache Http Server.