|
|
Subscribe / Log in / New account

apache-mod_auth_openid: local session ID disclosure

Package(s):apache-mod_auth_openid CVE #(s):CVE-2012-2760
Created:July 26, 2012 Updated:August 1, 2012
Description:

From the Mandriva advisory:

mod_auth_openid before 0.7 for Apache uses world-readable permissions for /tmp/mod_auth_openid.db, which allows local users to obtain session ids (CVE-2012-2760).

Alerts:
Mandriva MDVSA-2012:114 apache-mod_auth_openid 2012-07-26
to post comments


Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds