Vulnerability 61079 - CERT Civis.Net

Vulnerability Name:

CCN-61079

Published:

2010-08-11

Updated:

2010-08-11

Summary:

Drupal could allow a remote attacker to bypass security restrictions, caused by the incorrect protocol implementation within the OpenID module. By replaying intercepted assertions, a remote attacker could exploit this vulnerability to bypass the login mechanism.

CVSS v3 Severity:

5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): Low Availibility (A): None

CVSS v2 Severity:

5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N)
3.7 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): Partial Availibility (A): None

Vulnerability Consequences:

Bypass Security

References:

Source: CCN
Type: SA-CORE-2010-002
Drupal core - Multiple vulnerabilities

Source: CCN
Type: SA-CONTRIB-2010-084
OpenID - Authentication bypass

Source: CCN
Type: SA40930
Drupal Multiple Vulnerabilities

Source: CCN
Type: SA40942
Drupal OpenID Module Security Bypass Vulnerability

Source: CCN
Type: BID-42388
Drupal OpenID Module User Account Authentication Bypass Vulnerability

Source: CCN
Type: BID-42391
Drupal DRUPAL-SA-CORE-2010-002 Multiple Remote Vulnerabilities

Source: XF
Type: UNKNOWN
drupal-openid-protocol-sec-bypass(61079)

Vulnerable Configuration:

Configuration CCN 1:

cpe:/a:drupal:drupal:5.6:*:*:*:*:*:*:*

OR cpe:/a:drupal:drupal:6.0:*:*:*:*:*:*:*

OR cpe:/a:drupal:drupal:5.0:*:*:*:*:*:*:*

OR cpe:/a:drupal:drupal:5.1:*:*:*:*:*:*:*

OR cpe:/a:drupal:drupal:5.1_rev1.1:*:*:*:*:*:*:*

OR cpe:/a:drupal:drupal:5.2:*:*:*:*:*:*:*

OR cpe:/a:drupal:drupal:5.3:*:*:*:*:*:*:*

OR cpe:/a:drupal:drupal:5.4:*:*:*:*:*:*:*

OR cpe:/a:drupal:drupal:5.5:*:*:*:*:*:*:*

OR cpe:/a:drupal:drupal:5.7:*:*:*:*:*:*:*

OR cpe:/a:drupal:drupal:6.2:*:*:*:*:*:*:*

OR cpe:/a:drupal:drupal:5.8:*:*:*:*:*:*:*

OR cpe:/a:drupal:drupal:6.1:*:*:*:*:*:*:*

OR cpe:/a:drupal:drupal:5.9:*:*:*:*:*:*:*

OR cpe:/a:drupal:drupal:6.3:*:*:*:*:*:*:*

OR cpe:/a:drupal:drupal:6.4:*:*:*:*:*:*:*

OR cpe:/a:drupal:drupal:5.10:*:*:*:*:*:*:*

OR cpe:/a:drupal:drupal:6.5:*:*:*:*:*:*:*

OR cpe:/a:drupal:drupal:5.11:*:*:*:*:*:*:*

OR cpe:/a:drupal:drupal:5.12:*:*:*:*:*:*:*

OR cpe:/a:drupal:drupal:6.6:*:*:*:*:*:*:*

OR cpe:/a:drupal:drupal:6.9:*:*:*:*:*:*:*

OR cpe:/a:drupal:drupal:6.7:*:*:*:*:*:*:*

OR cpe:/a:drupal:drupal:5.13:*:*:*:*:*:*:*

OR cpe:/a:drupal:drupal:5.15:*:*:*:*:*:*:*

OR cpe:/a:drupal:drupal:5.14:*:*:*:*:*:*:*

OR cpe:/a:drupal:drupal:6.10:*:*:*:*:*:*:*

OR cpe:/a:drupal:drupal:5.16:*:*:*:*:*:*:*

OR cpe:/a:drupal:drupal:6.11:*:*:*:*:*:*:*

OR cpe:/a:drupal:drupal:5.17:*:*:*:*:*:*:*

OR cpe:/a:drupal:drupal:6.12:*:*:*:*:*:*:*

OR cpe:/a:drupal:drupal:5.18:*:*:*:*:*:*:*

OR cpe:/a:drupal:drupal:6.13:*:*:*:*:*:*:*

OR cpe:/a:drupal:drupal:6.14:*:*:*:*:*:*:*

OR cpe:/a:drupal:drupal:5.20:*:*:*:*:*:*:*

OR cpe:/a:drupal:drupal:6.16:*:*:*:*:*:*:*

OR cpe:/a:drupal:drupal:5.21:*:*:*:*:*:*:*

OR cpe:/a:drupal:drupal:6.15:*:*:*:*:*:*:*

Denotes that component is vulnerable