← Back

Peter Wolanin

peter_wolanin

5 CVEs • 1 product

Products (1)

Click to collapse
Toggle
Openid
openid
5 CVEs

CVEs (5)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2010-3686
2Drupal
Peter Wolanin
2Drupal
Openid
Apr 29, 2026
Sep 29, 2010
N/A· v4
N/A· v3
5.0 MEDIUM· v2
The OpenID module in Drupal 6.x before 6.18, and the OpenID module 5.x before 5.x-1.4 for Drupal, violates the OpenID 2.0 protocol by not ensuring that fields are signed, which allows remote attackers to bypass authentic...Show more
The OpenID module in Drupal 6.x before 6.18, and the OpenID module 5.x before 5.x-1.4 for Drupal, violates the OpenID 2.0 protocol by not ensuring that fields are signed, which allows remote attackers to bypass authentication by leveraging an assertion from an OpenID provider.Show less
CVE-2010-3685
2Drupal
Peter Wolanin
2Drupal
Openid
Apr 29, 2026
Sep 29, 2010
N/A· v4
N/A· v3
5.0 MEDIUM· v2
The OpenID module in Drupal 6.x before 6.18, and the OpenID module 5.x before 5.x-1.4 for Drupal, violates the OpenID 2.0 protocol by not checking for reuse of openid.response_nonce values, which allows remote attackers...Show more
The OpenID module in Drupal 6.x before 6.18, and the OpenID module 5.x before 5.x-1.4 for Drupal, violates the OpenID 2.0 protocol by not checking for reuse of openid.response_nonce values, which allows remote attackers to bypass authentication by leveraging an assertion from an OpenID provider.Show less
CVE-2010-3091
2Drupal
Peter Wolanin
2Drupal
Openid
Apr 29, 2026
Sep 29, 2010
N/A· v4
N/A· v3
5.0 MEDIUM· v2
The OpenID module in Drupal 6.x before 6.18, and the OpenID module 5.x before 5.x-1.4 for Drupal, violates the OpenID 2.0 protocol by not verifying the openid.return_to value, which allows remote attackers to bypass auth...Show more
The OpenID module in Drupal 6.x before 6.18, and the OpenID module 5.x before 5.x-1.4 for Drupal, violates the OpenID 2.0 protocol by not verifying the openid.return_to value, which allows remote attackers to bypass authentication by leveraging an assertion from an OpenID provider.Show less
CVE-2008-6836
1Peter Wolanin
1Openid
Apr 23, 2026
Jun 27, 2009
N/A· v4
N/A· v3
6.8 MEDIUM· v2
Cross-site request forgery (CSRF) vulnerability in OpenID 5.x before 5x.-1.2, a module for Drupal, allows remote attackers to hijack the authentication of unspecified victims to delete OpenID identities via unknown vecto...Show more
Cross-site request forgery (CSRF) vulnerability in OpenID 5.x before 5x.-1.2, a module for Drupal, allows remote attackers to hijack the authentication of unspecified victims to delete OpenID identities via unknown vectors.Show less
CVE-2008-6835
1Peter Wolanin
1Openid
Apr 23, 2026
Jun 27, 2009
N/A· v4
N/A· v3
4.3 MEDIUM· v2
Cross-site scripting (XSS) vulnerability in OpenID 5.x before 5.x-1.2, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.