First published: Tue Feb 05 2008
The OpenID 5.x-1.0 and earlier module for Drupal does not properly verify the claimed_id returned by an OpenID provider, which allows remote OpenID providers to spoof OpenID authentication for domains associated with other providers.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Drupal Openid | =5 | |
CVE-2008-0570 has been classified as a high severity vulnerability due to its potential to allow spoofing attacks.
To fix CVE-2008-0570, upgrade the Drupal OpenID module to the latest version where the vulnerability has been patched.
CVE-2008-0570 affects the Drupal OpenID module version 5.x-1.0 and earlier.
Yes, CVE-2008-0570 can lead to unauthorized access as it allows remote OpenID providers to spoof authentication.
Yes, authentication security is at risk because the module does not properly verify claimed identities.