CVE-2008-0570

Severity CVSS v4.0:
Pending analysis
Type:
CWE-20 Input Validation
Publication date:
05/02/2008
Last modified:
09/04/2025

Description

The OpenID 5.x-1.0 and earlier module for Drupal does not properly verify the claimed_id returned by an OpenID provider, which allows remote OpenID providers to spoof OpenID authentication for domains associated with other providers.

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:drupal:openid:5:*:*:*:*:*:*:*