Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
Drupal Improper Authentication Vulnerability - CVE-2010-3091 - Vulnerability Database
Drupal

Drupal Improper Authentication Vulnerability - CVE-2010-3091

Medium
Reference: CVE-2010-3091
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2010-3091
Title: Drupal Improper Authentication Vulnerability
Overview:

The OpenID module in Drupal 6.x before 6.18 and the OpenID module 5.x before 5.x-1.4 for Drupal violates the OpenID 2.0 protocol by not verifying the openid.return_to value which allows remote attackers to bypass authentication by leveraging an assertion from an OpenID provider.