CVE-2008-3280
- EPSS 5.93%
- Published 21.05.2021 20:15:07
- Last modified 21.11.2024 00:48:52
It was found that various OpenID Providers (OPs) had TLS Server Certificates that used weak keys, as a result of the Debian Predictable Random Number Generator (CVE-2008-0166). In combination with the DNS Cache Poisoning issue (CVE-2008-1447) and the...
CVE-2007-5173
- EPSS 1.65%
- Published 03.10.2007 14:17:00
- Last modified 09.04.2025 00:30:58
PHP remote file inclusion vulnerability in includes/openid/Auth/OpenID/BBStore.php in phpBB Openid 0.2.0 allows remote attackers to execute arbitrary PHP code via a URL in the openid_root_path parameter.
CVE-2007-1651
- EPSS 0.96%
- Published 24.03.2007 00:19:00
- Last modified 09.04.2025 00:30:58
Cross-site request forgery (CSRF) vulnerability in OpenID allows remote attackers to restore the login session of a user on an OpenID enabled site via unspecified vectors related to an arbitrary remote web site and cached tokens, after the user has s...
CVE-2007-1652
- EPSS 1.02%
- Published 24.03.2007 00:19:00
- Last modified 09.04.2025 00:30:58
OpenID allows remote attackers to forcibly log a user into an OpenID enabled site, divulge the user's personal information to this site, and add it site to the trusted sites list via a crafted web page, related to cached tokens.