mod_auth_openid before 0.7 for Apache uses world-readable permissions for /tmp/mod_auth_openid.db, which allows local users to obtain session ids.
References
Configurations
Configuration 1 (hide)
|
History
No history.
Information
Published : 2012-07-25 19:55
Updated : 2024-02-28 12:00
NVD link : CVE-2012-2760
Mitre link : CVE-2012-2760
CVE.ORG link : CVE-2012-2760
JSON object : View
Products Affected
findingscience
- mod_auth_openid
CWE
CWE-264
Permissions, Privileges, and Access Controls