Vulnerabilities > Peter Wolanin
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2010-09-29 | CVE-2010-3686 | Improper Authentication vulnerability in multiple products. The OpenID module in Drupal 6.x before 6.18, and the OpenID module 5.x before 5.x-1.4 for Drupal, violates the OpenID 2.0 protocol by not ensuring that fields are signed, which allows remote attackers to bypass authentication by leveraging an assertion from an OpenID provider. | 5.0 |
2010-09-29 | CVE-2010-3685 | Improper Authentication vulnerability in multiple products. The OpenID module in Drupal 6.x before 6.18, and the OpenID module 5.x before 5.x-1.4 for Drupal, violates the OpenID 2.0 protocol by not checking for reuse of openid.response_nonce values, which allows remote attackers to bypass authentication by leveraging an assertion from an OpenID provider. | 5.0 |
2010-09-29 | CVE-2010-3091 | Improper Authentication vulnerability in multiple products. The OpenID module in Drupal 6.x before 6.18, and the OpenID module 5.x before 5.x-1.4 for Drupal, violates the OpenID 2.0 protocol by not verifying the openid.return_to value, which allows remote attackers to bypass authentication by leveraging an assertion from an OpenID provider. | 5.0 |
2009-06-27 | CVE-2008-6836 | Cross-Site Request Forgery (CSRF) vulnerability in Peter Wolanin Openid 5.X1.0/5.X1.1/5.X1.X. Cross-site request forgery (CSRF) vulnerability in OpenID 5.x before 5.x-1.2, a module for Drupal, allows remote attackers to hijack the authentication of unspecified victims to delete OpenID identities via unknown vectors. | 6.8 |
2009-06-27 | CVE-2008-6835 | Cross-Site Scripting vulnerability in Peter Wolanin Openid 5.X1.0/5.X1.1/5.X1.X. Cross-site scripting (XSS) vulnerability in OpenID 5.x before 5.x-1.2, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |