 |
Home ▼ Bookkeeping
Online ▼ Security
Audits ▼
Managed
DNS ▼
About
Order
FAQ
Acceptable Use Policy
Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password Network
Monitor ▼
Enterprise Package
Advanced Package
Standard Package
Free Trial
FAQ
Price/Feature Summary
Order/Renew
Examples
Configure/Status Alert Profiles | ||
| CVE ID: | CVE-2014-2685 |
| Description: | The GenericConsumer class in the Consumer component in ZendOpenId before 2.0.2 and the Zend_OpenId_Consumer class in Zend Framework 1 before 1.12.4 violate the OpenID 2.0 protocol by ensuring only that at least one field is signed, which allows remote attackers to bypass authentication by leveraging an assertion from an OpenID provider. |
| Test IDs: | 1.3.6.1.4.1.25623.1.1.1.2.2015.251 1.3.6.1.4.1.25623.1.0.703265 |
| Cross References: |
Common Vulnerability Exposure (CVE) ID: CVE-2014-2685 BugTraq ID: 66358 http://www.securityfocus.com/bid/66358 Debian Security Information: DSA-3265 (Google Search) http://www.debian.org/security/2015/dsa-3265 http://www.mandriva.com/security/advisories?name=MDVSA-2014:072 http://seclists.org/oss-sec/2014/q2/0 |