CVE-2014-2685

Published: Sep 4, 2014Modified: May 6, 2026

7.5

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability: 10.0 / Impact: 6.4

Source: NVD

Description

The GenericConsumer class in the Consumer component in ZendOpenId before 2.0.2 and the Zend_OpenId_Consumer class in Zend Framework 1 before 1.12.4 violate the OpenID 2.0 protocol by ensuring only that at least one field is signed, which allows remote attackers to bypass authentication by leveraging an assertion from an OpenID provider.

Affected (97)

Products: Zend: Zend Framework, Zendopenid

Zend

2 products

Zend Framework

Zendopenid

Configuration A

96 vulnerable

Vulnerable Software	Affected Versions
Zend Zend Framework	Up to 1.12.3
Zend Zend Framework	Version 1.0.0
Zend Zend Framework	Version 1.0.0 rc1
Zend Zend Framework	Version 1.0.0 rc2
Zend Zend Framework	Version 1.0.0 rc2a
Zend Zend Framework	Version 1.0.0 rc3
Zend Zend Framework	Version 1.0.1
Zend Zend Framework	Version 1.0.2
Zend Zend Framework	Version 1.0.3
Zend Zend Framework	Version 1.0.4
Zend Zend Framework	Version 1.10.0
Zend Zend Framework	Version 1.10.0 alpha1
Zend Zend Framework	Version 1.10.0 beta1
Zend Zend Framework	Version 1.10.0 rc1
Zend Zend Framework	Version 1.10.1
Zend Zend Framework	Version 1.10.2
Zend Zend Framework	Version 1.10.3
Zend Zend Framework	Version 1.10.4
Zend Zend Framework	Version 1.10.5
Zend Zend Framework	Version 1.10.6
Zend Zend Framework	Version 1.10.7
Zend Zend Framework	Version 1.10.8
Zend Zend Framework	Version 1.10.9
Zend Zend Framework	Version 1.11.0
Zend Zend Framework	Version 1.11.0 b1
Zend Zend Framework	Version 1.11.0 rc1
Zend Zend Framework	Version 1.11.10
Zend Zend Framework	Version 1.11.11
Zend Zend Framework	Version 1.11.12
Zend Zend Framework	Version 1.11.13
Zend Zend Framework	Version 1.11.1
Zend Zend Framework	Version 1.11.2
Zend Zend Framework	Version 1.11.3
Zend Zend Framework	Version 1.11.4
Zend Zend Framework	Version 1.11.5
Zend Zend Framework	Version 1.11.6
Zend Zend Framework	Version 1.11.7
Zend Zend Framework	Version 1.11.8
Zend Zend Framework	Version 1.11.9
Zend Zend Framework	Version 1.12.0
Zend Zend Framework	Version 1.12.0 rc1
Zend Zend Framework	Version 1.12.0 rc2
Zend Zend Framework	Version 1.12.0 rc3
Zend Zend Framework	Version 1.12.0 rc4
Zend Zend Framework	Version 1.12.1
Zend Zend Framework	Version 1.12.2
Zend Zend Framework	Version 1.5.0
Zend Zend Framework	Version 1.5.0 pl
Zend Zend Framework	Version 1.5.0 pr
Zend Zend Framework	Version 1.5.0 rc1
Zend Zend Framework	Version 1.5.0 rc2
Zend Zend Framework	Version 1.5.0 rc3
Zend Zend Framework	Version 1.5.1
Zend Zend Framework	Version 1.5.2
Zend Zend Framework	Version 1.5.3
Zend Zend Framework	Version 1.6.0
Zend Zend Framework	Version 1.6.0 rc1
Zend Zend Framework	Version 1.6.0 rc2
Zend Zend Framework	Version 1.6.0 rc3
Zend Zend Framework	Version 1.6.1
Zend Zend Framework	Version 1.6.2
Zend Zend Framework	Version 1.7.0
Zend Zend Framework	Version 1.7.0 pl1
Zend Zend Framework	Version 1.7.0 pr
Zend Zend Framework	Version 1.7.1
Zend Zend Framework	Version 1.7.2
Zend Zend Framework	Version 1.7.3
Zend Zend Framework	Version 1.7.3 pl1
Zend Zend Framework	Version 1.7.4
Zend Zend Framework	Version 1.7.5
Zend Zend Framework	Version 1.7.6
Zend Zend Framework	Version 1.7.7
Zend Zend Framework	Version 1.7.8
Zend Zend Framework	Version 1.7.9
Zend Zend Framework	Version 1.8.0
Zend Zend Framework	Version 1.8.0 a1
Zend Zend Framework	Version 1.8.0 b1
Zend Zend Framework	Version 1.8.1
Zend Zend Framework	Version 1.8.2
Zend Zend Framework	Version 1.8.3
Zend Zend Framework	Version 1.8.4
Zend Zend Framework	Version 1.8.4 pl1
Zend Zend Framework	Version 1.8.5
Zend Zend Framework	Version 1.9.0
Zend Zend Framework	Version 1.9.0 a1
Zend Zend Framework	Version 1.9.0 b1
Zend Zend Framework	Version 1.9.0 rc1
Zend Zend Framework	Version 1.9.1
Zend Zend Framework	Version 1.9.2
Zend Zend Framework	Version 1.9.3
Zend Zend Framework	Version 1.9.3 pl1
Zend Zend Framework	Version 1.9.4
Zend Zend Framework	Version 1.9.5
Zend Zend Framework	Version 1.9.6
Zend Zend Framework	Version 1.9.7
Zend Zend Framework	Version 1.9.8