CVE Vulnerability

CVE-2007-1651

Cross-site request forgery (CSRF) vulnerability in OpenID allows remote attackers to restore the login session of a user on an OpenID enabled site via unspecified vectors related to an arbitrary remote web site and cached tokens, after the user has signed into an OpenID server, logged into the OpenID enabled site, and then logged out of the OpenID enabled site.

6.8 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 8.6 / Impact : 6.4

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

Scope

References
Link Resource
http://openid.net/pipermail/security/2007-March/000286.html
http://openid.net/pipermail/security/2007-March/000288.html
http://openid.net/pipermail/security/2007-March/000291.html
http://openid.net/pipermail/security/2007-March/000306.html
http://openid.net/pipermail/security/2007-March/000311.html
http://janrain.com/blog/2007/03/22/myopenid-security-fix/
http://osvdb.org/43600
Configurations

Configuration 1

cpe:2.3:a:openid:openid:*:*:*:*:*:*:*:*
Information

Published : 2007-03-24 12:19

Updated : 2008-11-13 06:35

NVD link : CVE-2007-1651

Mitre link : CVE-2007-1651

Products Affected
No products.
CWE
NVD-CWE-Other