CVE-2010-3685

The OpenID module in Drupal 6.x before 6.18, and the OpenID module 5.x before 5.x-1.4 for Drupal, violates the OpenID 2.0 protocol by not checking for reuse of openid.response_nonce values, which allows remote attackers to bypass authentication by leveraging an assertion from an OpenID provider.

Weakness

When an actor claims to have a given identity, the software does not prove or insufficiently proves that the claim is correct.

Affected Software

Name	Vendor	Start Version	End Version
Drupal	Drupal	6.0	6.0
Drupal	Drupal	6.0	6.0
Drupal	Drupal	6.0	6.0
Drupal	Drupal	6.0	6.0
Drupal	Drupal	6.0	6.0
Drupal	Drupal	6.0	6.0
Drupal	Drupal	6.0	6.0
Drupal	Drupal	6.0	6.0
Drupal	Drupal	6.0	6.0
Drupal	Drupal	6.0	6.0
Drupal	Drupal	6.1	6.1
Drupal	Drupal	6.2	6.2
Drupal	Drupal	6.3	6.3
Drupal	Drupal	6.4	6.4
Drupal	Drupal	6.5	6.5
Drupal	Drupal	6.6	6.6
Drupal	Drupal	6.7	6.7
Drupal	Drupal	6.8	6.8
Drupal	Drupal	6.9	6.9
Drupal	Drupal	6.10	6.10
Drupal	Drupal	6.11	6.11
Drupal	Drupal	6.12	6.12
Drupal	Drupal	6.13	6.13
Drupal	Drupal	6.14	6.14
Drupal	Drupal	6.15	6.15
Drupal	Drupal	6.16	6.16
Drupal	Drupal	6.17	6.17
Drupal5	Ubuntu	hardy	*
Drupal5	Ubuntu	jaunty	*
Drupal5	Ubuntu	karmic	*
Drupal5	Ubuntu	upstream	*
Drupal6	Ubuntu	jaunty	*
Drupal6	Ubuntu	karmic	*
Drupal6	Ubuntu	lucid	*
Drupal6	Ubuntu	upstream	*

Potential Mitigations

References

http://drupal.org/node/880476
http://drupal.org/node/880480
http://marc.info/?l=oss-security\u0026m=128418560705305\u0026w=2
http://marc.info/?l=oss-security\u0026m=128440896914512\u0026w=2
http://www.debian.org/security/2010/dsa-2113
http://www.securityfocus.com/bid/42388

NVD	https://nvd.nist.gov/vuln/detail/CVE-2010-3685
CWE	https://cwe.mitre.org/data/definitions/287.html

Improper Authentication

Weakness

Affected Software

Potential Mitigations

Related Attack Patterns

References