Description
The OpenID module in Drupal 6.x before 6.18, and the OpenID module 5.x before 5.x-1.4 for Drupal, violates the OpenID 2.0 protocol by not ensuring that fields are signed, which allows remote attackers to bypass authentication by leveraging an assertion from an OpenID provider.
Remediation
References
Related Vulnerabilities
Squid Improper Input Validation Vulnerability (CVE-2015-3455)
WordPress Plugin MiwoFTP-File & Folder Manager Multiple Vulnerabilities (1.0.5)
WordPress Plugin Qwizcards-online quizzes and flashcards Cross-Site Scripting (3.61)
WebLogic CVE-2022-21441 Vulnerability (CVE-2022-21441)
Python Uncontrolled Resource Consumption Vulnerability (CVE-2019-9674)