Vulnerabilities > Peter Wolanin > Openid > 5.x.1.3

DATE CVE VULNERABILITY TITLE RISK
2010-09-29 CVE-2010-3686 Improper Authentication vulnerability in multiple products
The OpenID module in Drupal 6.x before 6.18, and the OpenID module 5.x before 5.x-1.4 for Drupal, violates the OpenID 2.0 protocol by not ensuring that fields are signed, which allows remote attackers to bypass authentication by leveraging an assertion from an OpenID provider.
network
low complexity
drupal peter-wolanin CWE-287
5.0
5.0
2010-09-29 CVE-2010-3685 Improper Authentication vulnerability in multiple products
The OpenID module in Drupal 6.x before 6.18, and the OpenID module 5.x before 5.x-1.4 for Drupal, violates the OpenID 2.0 protocol by not checking for reuse of openid.response_nonce values, which allows remote attackers to bypass authentication by leveraging an assertion from an OpenID provider.
network
low complexity
drupal peter-wolanin CWE-287
5.0
5.0
2010-09-29 CVE-2010-3091 Improper Authentication vulnerability in multiple products
The OpenID module in Drupal 6.x before 6.18, and the OpenID module 5.x before 5.x-1.4 for Drupal, violates the OpenID 2.0 protocol by not verifying the openid.return_to value, which allows remote attackers to bypass authentication by leveraging an assertion from an OpenID provider.
network
low complexity
drupal peter-wolanin CWE-287
5.0
5.0