MidnightBSD

Advisories for peter_wolanin

CVE-2010-3091 MEDIUM

The OpenID module in Drupal 6.x before 6.18, and the OpenID module 5.x before 5.x-1.4 for Drupal, violates the OpenID 2.0 protocol by not verifying the openid.return_to value, which allows remote attackers to bypass authentication by leveraging an assertion from an OpenID provider.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-287,

Products Affected

Vendor Product Version
drupal drupal 6.10
drupal drupal 6.17
drupal drupal 6.4
peter_wolanin openid 5.x-1.3
drupal drupal 6.3
drupal drupal 6.8
drupal drupal 6.15
drupal drupal 6.2
drupal drupal 6.5
peter_wolanin openid 5.x-1.1
drupal drupal 6.12
peter_wolanin openid 5.x-1.0
drupal drupal 6.11
peter_wolanin openid 5.x-1.x
drupal drupal 6.14
drupal drupal 6.0
drupal drupal 6.7
peter_wolanin openid 5.x-1.2
drupal drupal 6.6
drupal drupal 6.16
drupal drupal 6.9
drupal drupal 6.1
drupal drupal 6.13
CVE-2010-3685 MEDIUM

The OpenID module in Drupal 6.x before 6.18, and the OpenID module 5.x before 5.x-1.4 for Drupal, violates the OpenID 2.0 protocol by not checking for reuse of openid.response_nonce values, which allows remote attackers to bypass authentication by leveraging an assertion from an OpenID provider.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-287,

Products Affected

Vendor Product Version
drupal drupal 6.10
drupal drupal 6.17
drupal drupal 6.4
peter_wolanin openid 5.x-1.3
drupal drupal 6.3
drupal drupal 6.8
drupal drupal 6.15
drupal drupal 6.2
drupal drupal 6.5
peter_wolanin openid 5.x-1.1
drupal drupal 6.12
peter_wolanin openid 5.x-1.0
drupal drupal 6.11
peter_wolanin openid 5.x-1.x
drupal drupal 6.14
drupal drupal 6.0
drupal drupal 6.7
peter_wolanin openid 5.x-1.2
drupal drupal 6.6
drupal drupal 6.16
drupal drupal 6.9
drupal drupal 6.1
drupal drupal 6.13
CVE-2010-3686 MEDIUM

The OpenID module in Drupal 6.x before 6.18, and the OpenID module 5.x before 5.x-1.4 for Drupal, violates the OpenID 2.0 protocol by not ensuring that fields are signed, which allows remote attackers to bypass authentication by leveraging an assertion from an OpenID provider.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-287,

Products Affected

Vendor Product Version
drupal drupal 6.10
drupal drupal 6.17
drupal drupal 6.4
peter_wolanin openid 5.x-1.3
drupal drupal 6.3
drupal drupal 6.8
drupal drupal 6.15
drupal drupal 6.2
drupal drupal 6.5
peter_wolanin openid 5.x-1.1
drupal drupal 6.12
peter_wolanin openid 5.x-1.0
drupal drupal 6.11
peter_wolanin openid 5.x-1.x
drupal drupal 6.14
drupal drupal 6.0
drupal drupal 6.7
peter_wolanin openid 5.x-1.2
drupal drupal 6.6
drupal drupal 6.16
drupal drupal 6.9
drupal drupal 6.1
drupal drupal 6.13