mod_auth_openid Local Information Disclosure Vulnerability
BID:53661
Info
mod_auth_openid Local Information Disclosure Vulnerability
| Bugtraq ID: | 53661 |
| Class: | Design Error |
| CVE: |
CVE-2012-2760 |
| Remote: | No |
| Local: | Yes |
| Published: | May 22 2012 12:00AM |
| Updated: | Jul 26 2012 04:11PM |
| Credit: | Peter Ellehauge |
| Vulnerable: |
MandrakeSoft Enterprise Server 5 x86_64 MandrakeSoft Enterprise Server 5 FindingScience mod_auth_openid 0.2.1 FindingScience mod_auth_openid 0.6 FindingScience mod_auth_openid 0.5 FindingScience mod_auth_openid 0.4 FindingScience mod_auth_openid 0.3 FindingScience mod_auth_openid 0.2 |
| Not Vulnerable: |
FindingScience mod_auth_openid 0.7 |
Discussion
mod_auth_openid Local Information Disclosure Vulnerability
mod_auth_openid is prone to a local information-disclosure vulnerability.
Local attackers can exploit this issue to obtain sensitive information that may lead to further attacks.
mod_auth_openid versions prior to 0.7 are vulnerable.
mod_auth_openid is prone to a local information-disclosure vulnerability.
Local attackers can exploit this issue to obtain sensitive information that may lead to further attacks.
mod_auth_openid versions prior to 0.7 are vulnerable.
Exploit / POC
mod_auth_openid Local Information Disclosure Vulnerability
Attackers require local interactive access to an affected computer to exploit this issue.
Attackers require local interactive access to an affected computer to exploit this issue.
Solution / Fix
mod_auth_openid Local Information Disclosure Vulnerability
Solution:
Updates are available. Please see the references for more information.
Solution:
Updates are available. Please see the references for more information.
References
mod_auth_openid Local Information Disclosure Vulnerability
References:
References:
- mod_auth_openid Homepage (FindingScience)
- mod_auth_openid Releases and Changelog (FindingScience)