CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2008-0570

The OpenID 5.x-1.0 and earlier module for Drupal does not properly verify the claimed_id returned by an OpenID provider, which allows remote OpenID providers to spoof OpenID authentication for domains associated with other providers.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.004

EPSS Ranking 59.7%

CVSS Severity

CVSS v2 Score 5.0

References

http://drupal.org/node/216022
http://secunia.com/advisories/28717
http://www.securityfocus.com/bid/27542
http://www.vupen.com/english/advisories/2008/0373/references
http://drupal.org/node/216022
http://secunia.com/advisories/28717
http://www.securityfocus.com/bid/27542
http://www.vupen.com/english/advisories/2008/0373/references

Products affected by CVE-2008-0570

Drupal » Openid » Version: 5

cpe:2.3:a:drupal:openid:5

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2008-0570

Products

Pricing

Contact Us