mod_auth_openid prior to 0.7 for Apache uses world-readable permissions for /tmp/mod_auth_openid.db, which allows local users to obtain session ids.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
findingscience mod auth openid 0.1 |
||
findingscience mod auth openid |
||
findingscience mod auth openid 0.2.1 |
||
findingscience mod auth openid 0.2 |
||
findingscience mod auth openid 0.5 |
||
findingscience mod auth openid 0.4 |
||
findingscience mod auth openid 0.3 |