Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
Drupal Improper Authentication Vulnerability - CVE-2010-3685 - Vulnerability Database
Drupal

Drupal Improper Authentication Vulnerability - CVE-2010-3685

Medium
Reference: CVE-2010-3685
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2010-3685
Title: Drupal Improper Authentication Vulnerability
Overview:

The OpenID module in Drupal 6.x before 6.18 and the OpenID module 5.x before 5.x-1.4 for Drupal violates the OpenID 2.0 protocol by not checking for reuse of openid.response_nonce values which allows remote attackers to bypass authentication by leveraging an assertion from an OpenID provider.