CVE-2008-0570

Published: Feb 5, 2008Modified: Apr 23, 2026

5.0

Vector

AV:N/AC:L/Au:N/C:N/I:P/A:N

Exploitability: 10.0 / Impact: 2.9

Source: NVD

Description

The OpenID 5.x-1.0 and earlier module for Drupal does not properly verify the claimed_id returned by an OpenID provider, which allows remote OpenID providers to spoof OpenID authentication for domains associated with other providers.

Affected (1)

Products: Drupal: Openid

Drupal

1 product

Openid

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Drupal Openid	Version 5

Related CWEs

CWE-20

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (8)

http://drupal.org/node/216022

Source: cve@mitre.org

http://secunia.com/advisories/28717

Source: cve@mitre.org

Vendor Advisory

http://www.securityfocus.com/bid/27542

Source: cve@mitre.org

http://www.vupen.com/english/advisories/2008/0373/references

Source: cve@mitre.org

http://drupal.org/node/216022

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/28717

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://www.securityfocus.com/bid/27542

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.vupen.com/english/advisories/2008/0373/references

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.