Main Vulnerability Database SB2016091610

SB2016091610 - OpenID impersonation in Drupal Drupal

Published: September 16, 2016 Updated: September 16, 2016

Security Bulletin ID SB2016091610

Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Information disclosure

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) OpenID impersonation (CVE-ID: N/A)

The vulnerability allows one user access another user's account.
The weakness exists due to improper implementation of the OpenID Authentication 2.0 specification. In case of sharing the same OpenID 2.0 provider user can access account of another one.
Successful exploitation of the vulnerability allows to get access to another user's account.

Remediation

Install update from vendor's website.

References

https://www.drupal.org/node/579482