CVE-2010-3091

Drupal <6.18 & <5.x-1.4 - Auth Bypass

Description

The OpenID module in Drupal 6.x before 6.18, and the OpenID module 5.x before 5.x-1.4 for Drupal, violates the OpenID 2.0 protocol by not verifying the openid.return_to value, which allows remote attackers to bypass authentication by leveraging an assertion from an OpenID provider.

Scores

EPSS 0.0063
EPSS Percentile 70.0%

Classification

CWE
CWE-287
Status draft

Affected Products (32)

drupal/drupal
... and 17 more

Timeline

Published Sep 29, 2010
Tracked Since Feb 18, 2026