← Zuruck zu CVEs

CVE-2014-2685

N/A

Beschreibung

The GenericConsumer class in the Consumer component in ZendOpenId before 2.0.2 and the Zend_OpenId_Consumer class in Zend Framework 1 before 1.12.4 violate the OpenID 2.0 protocol by ensuring only that at least one field is signed, which allows remote attackers to bypass authentication by leveraging an assertion from an OpenID provider.

CVE Details

CVSS v3.1 BewertungN/A

Veroffentlicht9/4/2014

Zuletzt geandert4/12/2025

Quellenvd

Honeypot-Sichtungen0

Betroffene Produkte

zend:zend_frameworkzend:zendopenid

Schwachen (CWE)

CWE-287

Referenzen

http://advisories.mageia.org/MGASA-2014-0151.html(cve@mitre.org)

http://framework.zend.com/security/advisory/ZF2014-02(cve@mitre.org)

http://seclists.org/oss-sec/2014/q2/0(cve@mitre.org)

http://www.debian.org/security/2015/dsa-3265(cve@mitre.org)

http://www.mandriva.com/security/advisories?name=MDVSA-2014:072(cve@mitre.org)

http://www.securityfocus.com/bid/66358(cve@mitre.org)

http://advisories.mageia.org/MGASA-2014-0151.html(af854a3a-2127-422b-91ae-364da2661108)

http://framework.zend.com/security/advisory/ZF2014-02(af854a3a-2127-422b-91ae-364da2661108)

http://seclists.org/oss-sec/2014/q2/0(af854a3a-2127-422b-91ae-364da2661108)

http://www.debian.org/security/2015/dsa-3265(af854a3a-2127-422b-91ae-364da2661108)

http://www.mandriva.com/security/advisories?name=MDVSA-2014:072(af854a3a-2127-422b-91ae-364da2661108)

http://www.securityfocus.com/bid/66358(af854a3a-2127-422b-91ae-364da2661108)

IOC Korrelationen

Keine Korrelationen erfasst

This product uses data from the NVD API but is not endorsed or certified by the NVD.