The GenericConsumer class in the Consumer component in ZendOpenId prior to 2.0.2 and the Zend_OpenId_Consumer class in Zend Framework 1 prior to 1.12.4 does not verify that the openid_op_endpoint value identifies the same Identity Provider as the provider used in the association handle, which allows remote malicious users to bypass authentication and spoof arbitrary OpenID identities by using a malicious OpenID Provider that generates OpenID tokens with arbitrary identifier and claimed_id values.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
zend zendopenid |
||
zend zend framework |