Scoutnet vzw

We connect scouts!
Het is momenteel 18 Mrt 2018 1:25

Alle tijden zijn UTC + 1 uur

Plaats een nieuw onderwerp Reageren op dit onderwerp  [ 1 bericht ] 
Auteur Bericht
BerichtGeplaatst: 10 Jul 2008 19:27 
Site Admin
Site Admin

Geregistreerd: 17 Jul 2002 23:00
Berichten: 1522
Woonplaats: Wetteren
------------SA-2008-045 - OPENID - MULTIPLE VULNERABILITIES------------

* Advisory ID: DRUPAL-SA-2008-045
* Project: OpenID (third-party module)
* Version: 5.x
* Date: 2008-July-9
* Security risk: Less critical
* Exploitable from: Remote
* Vulnerability: Cross site scripting, Cross site request forgeries


The OpenID module for Drupal 5.x allows uses to create an account or log into a Drupal site using one or more OpenID identities. Find out more about OpenID at [ ].

Two vulnerabilities and weaknesses were discovered in the contributed OpenID module.


Some information sent from the OpenID provider is not escaped before it is displayed.

Wikipedia has more information about cross site scripting [ ] (XSS).


The Drupal Forms API protects against Cross Site Request Forgeries (CSRF), where a malicious site can cause a user to unintentionally take actions on another site where they are authenticated. The OpenID module allowed OpenID identities to be deleted simply by clicking a link. Thus, a user could have all of their identities removed and no longer be able to log in with OpenID .

------------VERSIONS AFFECTED------------

* OpenID for Drupal 5.x before version 5x.-1.2

Drupal 5.x core is not affected. If you do not use the contributed OpenID module for Drupal 5.x, there is nothing you need to do.


Install the latest version:

* If you currently use OpenID 5.x-1.0 or 5.x-1.1 upgrade to OpenID 5.x-1.2 [ ]

See also the OpenID project page [ ].

------------REPORTED BY------------

* Neil Drumm (drumm [ ]) of the Drupal Security Team
* Peter Wolanin (pwolanin [ ]) of the Drupal Security Team


The security contact for Drupal can be reached at security at or via the form at [ ].

Berichten weergeven van de afgelopen:  Sorteer op  
Plaats een nieuw onderwerp Reageren op dit onderwerp  [ 1 bericht ] 

Alle tijden zijn UTC + 1 uur

Wie is er online?

Gebruikers in dit forum: Geen geregistreerde gebruikers en 1 gast

U mag geen nieuwe onderwerpen plaatsen in dit forum
U mag geen reacties plaatsen op onderwerpen in dit forum
U mag uw berichten niet wijzigen in dit forum
U mag uw berichten niet verwijderen in dit forum
U mag geen bijlagen plaatsen in dit forum

Zoeken naar:
Ga naar:  
Powered by phpBB® Forum Software © phpBB Group
Vertaald door