Vulnerability CVE-2007-1651


Published: 2007-03-23   Modified: 2012-02-12

Description:
Cross-site request forgery (CSRF) vulnerability in OpenID allows remote attackers to restore the login session of a user on an OpenID enabled site via unspecified vectors related to an arbitrary remote web site and cached tokens, after the user has signed into an OpenID server, logged into the OpenID enabled site, and then logged out of the OpenID enabled site.

CVSS2 => (AV:N/AC:M/Au:N/C:P/I:P/A:P)

CVSS Base Score: 6.8/10
Impact Subscore: 6.4/10
Exploitability Subscore: 8.6/10

Exploit range: Remote
Attack complexity: Medium
Authentication: Not required

Confidentiality impact: Partial
Integrity impact: Partial
Availability impact: Partial

Affected software
Openid -> Openid 

 References:
http://osvdb.org/43600
http://openid.net/pipermail/security/2007-March/000311.html
http://openid.net/pipermail/security/2007-March/000306.html
http://openid.net/pipermail/security/2007-March/000291.html
http://openid.net/pipermail/security/2007-March/000288.html
http://openid.net/pipermail/security/2007-March/000286.html
http://janrain.com/blog/2007/03/22/myopenid-security-fix/

Copyright 2024, cxsecurity.com

 
