CVE-2007-1651 - Cross-site request forgery (CSRF) vulnerability in OpenID allows remote attackers to restore the log

CVE-2007-1651

Summary

Cross-site request forgery (CSRF) vulnerability in OpenID allows remote attackers to restore the login session of a user on an OpenID enabled site via unspecified vectors related to an arbitrary remote web site and cached tokens, after the user has signed into an OpenID server, logged into the OpenID enabled site, and then logged out of the OpenID enabled site.

References

Vulnerable Configurations

cpe:2.3:a:openid:openid:*:*:*:*:*:*:*:*
cpe:2.3:a:openid:openid:*:*:*:*:*:*:*:*

CVSS

Base:	6.8 (as of 13-11-2008 - 06:35)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:M/Au:N/C:P/I:P/A:P

refmap via4

misc	http://janrain.com/blog/2007/03/22/myopenid-security-fix/
mlist	[security] 20070321 MyOpenID [security] 20070322 MyOpenID
osvdb	43600

Last major update

13-11-2008 - 06:35

Published

24-03-2007 - 00:19

Last modified

13-11-2008 - 06:35