Exploitation Summary
EIP tracks 1 public exploit for CVE-2012-2760. PoCs published by Peter Ellehauge.
AI-analyzed exploit summary This is a security advisory describing CVE-2012-2760, which involves insecure storage of session IDs in a world-readable database file (/tmp/mod_auth_openid.db) in mod_auth_openid versions prior to 0.7. The vulnerability allows local users to steal OpenID authenticated sessions.
Description
mod_auth_openid before 0.7 for Apache uses world-readable permissions for /tmp/mod_auth_openid.db, which allows local users to obtain session ids.
Exploits (1)
This is a security advisory describing CVE-2012-2760, which involves insecure storage of session IDs in a world-readable database file (/tmp/mod_auth_openid.db) in mod_auth_openid versions prior to 0.7. The vulnerability allows local users to steal OpenID authenticated sessions.