Mod_Auth_OpenID Session Stealing

2012.05.24
Risk: Medium
Local: No
Remote: Yes
CWE: CWE-264


CVSS Base Score: 2.1/10
Impact Subscore: 2.9/10
Exploitability Subscore: 3.9/10
Exploit range: Local
Attack complexity: Low
Authentication: No required
Confidentiality impact: Partial
Integrity impact: None
Availability impact: None

https://github.com/paranoid/mod_auth_openid/blob/master/CVE-2012-2760.markdown # Security Advisory 1201 Summary : Session stealing Date : May 2012 Affected versions : all versions prior to mod_auth_openid-0.7 ID : mod_auth_openid-1201 CVE reference : CVE-2012-2760 # Details Session ids are stored insecurely in /tmp/mod_auth_openid.db (default filename). The db is world readable and the session ids are stored unencrypted. # Impact If a user has access to the filesystem on the mod_auth_openid server, they can steal all of the current openid authenticated sessions # Workarounds A quick improvement of the situation is to chmod 0400 the DB file. Default location is /tmp/mod_auth_openid.db unless another location has been configured in AuthOpenIDDBLocation. # Solution Upgrade to mod_auth_openid-0.7 or later: http://findingscience.com/mod_auth_openid/releases # Credits This vulnerability was reported by Peter Ellehauge, ptr at groupon dot com. Fixed by Brian Muller bmuller at gmail dot com # References mod_auth_openid project: http://findingscience.com/mod_auth_openid/ # History 15 May 2012 Discovered the vulnerability. Created private patch. 16 May 2012 Notified maintainer. Obtained CVE-id 22 May 2012 Fixed by Brian Muller (bmuller at gmail dot com) in mod_auth_openid-0.7 - https://github.com/bmuller/mod_auth_openid/blob/master/ChangeLog -- ptr

References:

https://github.com/bmuller/mod_auth_openid/blob/master/ChangeLog


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2024, cxsecurity.com

 

Back to Top