CVE-2016-2049

HIGH

JanRain PHP OpenID - Authentication Hijacking via HTTP Host Header

Title source: llm

Description

examples/consumer/common.php in the JanRain PHP OpenID library (aka php-openid) improperly checks the openid.realm parameter against the SERVER_NAME element of the $_SERVER superglobal array, which might allow remote attackers to hijack the authentication of arbitrary users via vectors involving a crafted HTTP Host header. On common web-server configurations (for example Apache with UseCanonicalName Off, its default) SERVER_NAME is populated from the client-supplied Host header, so the value the example consumer trusts as its own hostname is under the attacker's control; the affected code is the bundled example consumer, not the core library.
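The following Python model, added here as an illustration and not code from php-openid or the CVE reporters, shows the weak pattern described above (building the relying party's trust root from SERVER_NAME, which the web server may have copied from the Host header) beside the hardened pattern (comparing openid.realm against a configured trust root). The $_SERVER layout is emulated with a dict, the hostnames rp.example and evil.example, the script path /consumer/try_auth.php and the configured trust root are all constructed for the example, and the realm matcher deliberately ignores OpenID's "*." wildcard realms to keep the comparison short.

```python
"""Model of the CVE-2016-2049 pattern: realm checked against a request-derived host."""
from typing import Optional
from urllib.parse import urlsplit

# Assumed deployment location of the relying party (constructed for this example).
# In the hardened variant this comes from configuration, never from the request.
CONFIGURED_TRUST_ROOT = "https://rp.example/consumer/"


def server_env(host_header: str, https: bool = True,
               script: str = "/consumer/try_auth.php",
               canonical_name: Optional[str] = None) -> dict:
    """Build a dict shaped like PHP's $_SERVER for one request (constructed data).

    Emulates the web-server behaviour behind the bug: with Apache's default
    UseCanonicalName Off, SERVER_NAME is copied from the client's Host header,
    so a request carrying "Host: evil.example" controls it.  With a canonical
    name configured, SERVER_NAME is fixed regardless of the header.
    """
    host, _, port = host_header.partition(":")
    return {
        "HTTPS": "on" if https else "off",
        "HTTP_HOST": host_header,
        "SERVER_NAME": canonical_name or host,
        "SERVER_PORT": port or ("443" if https else "80"),
        "PHP_SELF": script,
    }


def trust_root_from_env(env: dict) -> str:
    """Weak pattern: derive the trust root from SERVER_NAME/SERVER_PORT/PHP_SELF."""
    scheme = "https" if env.get("HTTPS") == "on" else "http"
    default_port = "443" if scheme == "https" else "80"
    host = env["SERVER_NAME"]
    netloc = host if env["SERVER_PORT"] == default_port else f'{host}:{env["SERVER_PORT"]}'
    directory = env["PHP_SELF"].rsplit("/", 1)[0]  # like dirname($_SERVER['PHP_SELF'])
    return f"{scheme}://{netloc}{directory}/"


def realm_matches(realm: str, trust_root: str) -> bool:
    """Accept openid.realm only if it names the trust root's origin and its path
    is a prefix of the trust root's path, so it cannot widen to another site.
    Wildcard ("*.") realms are not handled in this simplified matcher."""
    r, t = urlsplit(realm), urlsplit(trust_root)
    if r.scheme != t.scheme or r.netloc.lower() != t.netloc.lower():
        return False
    return t.path.startswith(r.path or "/")


def check_realm_vulnerable(realm: str, env: dict) -> bool:
    """Vulnerable: the expected host is whatever the request said it was."""
    return realm_matches(realm, trust_root_from_env(env))


def check_realm_hardened(realm: str, env: dict) -> bool:
    """Hardened: compare against the configured trust root; env is ignored."""
    return realm_matches(realm, CONFIGURED_TRUST_ROOT)


if __name__ == "__main__":
    attacker_realm = "https://evil.example/consumer/"
    spoofed = server_env("evil.example")  # request with "Host: evil.example"
    print("vulnerable check accepts attacker realm:", check_realm_vulnerable(attacker_realm, spoofed))
    print("hardened check accepts attacker realm:  ", check_realm_hardened(attacker_realm, spoofed))
```

Running the module prints True for the vulnerable check and False for the hardened one: once the attacker's Host header reaches SERVER_NAME, a realm pointing at the attacker's site looks like the consumer's own, which is what lets the authentication be redirected. Pinning the canonical name in the web server (the canonical_name argument above) also closes the gap, but the robust fix is to stop deriving the trust root from the request at all.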

References (2)

Mailing list (oss-security): http://www.openwall.com/lists/oss-security/2016/01/24/5
Mailing list (oss-security): http://www.openwall.com/lists/oss-security/2016/01/24/2

Scores

CVSS v3 8.8
EPSS 0.0217
EPSS Percentile 80.1%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE
CWE-284
Status published
Products (1)
janrain/php-openid
Published Feb 01, 2016
Tracked Since Feb 18, 2026