Authentication Bypass Vulnerability in Drupal by OpenID Module
CVE-2015-3234

Currently unrated

Key Information:

Vendor

Drupal
Status
Drupal
Vendor
CVE Published:
22 June 2015

What is CVE-2015-3234?

The OpenID module in Drupal versions prior to 6.36 and 7.38 is susceptible to an authentication bypass vulnerability. This flaw allows remote attackers to exploit specific OpenID identity providers, such as Verisign, LiveJournal, and StackExchange, to gain unauthorized access to user accounts. By leveraging this vulnerability, attackers can impersonate other users, potentially compromising sensitive user information and system integrity.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

http://lists.fedoraproject.org/pipermail/package-announce...
vendor-advisoryx_refsource_FEDORA
http://www.securityfocus.com/bid/75294
vdb-entryx_refsource_BID
http://www.debian.org/security/2015/dsa-3291
vendor-advisoryx_refsource_DEBIAN

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.