The GenericConsumer class in the Consumer component in ZendOpenId before 2.0.2 and the Zend_OpenId_Consumer class in Zend Framework 1 before 1.12.4 violate the OpenID 2.0 protocol by ensuring only that at least one field is signed, which allows remote attackers to bypass authentication by leveraging an assertion from an OpenID provider.
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Zend_framework | Zend | * | 1.12.3 (including) |
| Zend_framework | Zend | 1.0.0 (including) | 1.0.0 (including) |
| Zend_framework | Zend | 1.0.0-rc1 (including) | 1.0.0-rc1 (including) |
| Zend_framework | Zend | 1.0.0-rc2 (including) | 1.0.0-rc2 (including) |
| Zend_framework | Zend | 1.0.0-rc2a (including) | 1.0.0-rc2a (including) |
| Zend_framework | Zend | 1.0.0-rc3 (including) | 1.0.0-rc3 (including) |
| Zend_framework | Zend | 1.0.1 (including) | 1.0.1 (including) |
| Zend_framework | Zend | 1.0.2 (including) | 1.0.2 (including) |
| Zend_framework | Zend | 1.0.3 (including) | 1.0.3 (including) |
| Zend_framework | Zend | 1.0.4 (including) | 1.0.4 (including) |
| Zend_framework | Zend | 1.5.0 (including) | 1.5.0 (including) |
| Zend_framework | Zend | 1.5.0-pl (including) | 1.5.0-pl (including) |
| Zend_framework | Zend | 1.5.0-pr (including) | 1.5.0-pr (including) |
| Zend_framework | Zend | 1.5.0-rc1 (including) | 1.5.0-rc1 (including) |
| Zend_framework | Zend | 1.5.0-rc2 (including) | 1.5.0-rc2 (including) |
| Zend_framework | Zend | 1.5.0-rc3 (including) | 1.5.0-rc3 (including) |
| Zend_framework | Zend | 1.5.1 (including) | 1.5.1 (including) |
| Zend_framework | Zend | 1.5.2 (including) | 1.5.2 (including) |
| Zend_framework | Zend | 1.5.3 (including) | 1.5.3 (including) |
| Zend_framework | Zend | 1.6.0 (including) | 1.6.0 (including) |
| Zend_framework | Zend | 1.6.0-rc1 (including) | 1.6.0-rc1 (including) |
| Zend_framework | Zend | 1.6.0-rc2 (including) | 1.6.0-rc2 (including) |
| Zend_framework | Zend | 1.6.0-rc3 (including) | 1.6.0-rc3 (including) |
| Zend_framework | Zend | 1.6.1 (including) | 1.6.1 (including) |
| Zend_framework | Zend | 1.6.2 (including) | 1.6.2 (including) |
| Zend_framework | Zend | 1.7.0 (including) | 1.7.0 (including) |
| Zend_framework | Zend | 1.7.0-pl1 (including) | 1.7.0-pl1 (including) |
| Zend_framework | Zend | 1.7.0-pr (including) | 1.7.0-pr (including) |
| Zend_framework | Zend | 1.7.1 (including) | 1.7.1 (including) |
| Zend_framework | Zend | 1.7.2 (including) | 1.7.2 (including) |
| Zend_framework | Zend | 1.7.3 (including) | 1.7.3 (including) |
| Zend_framework | Zend | 1.7.3-pl1 (including) | 1.7.3-pl1 (including) |
| Zend_framework | Zend | 1.7.4 (including) | 1.7.4 (including) |
| Zend_framework | Zend | 1.7.5 (including) | 1.7.5 (including) |
| Zend_framework | Zend | 1.7.6 (including) | 1.7.6 (including) |
| Zend_framework | Zend | 1.7.7 (including) | 1.7.7 (including) |
| Zend_framework | Zend | 1.7.8 (including) | 1.7.8 (including) |
| Zend_framework | Zend | 1.7.9 (including) | 1.7.9 (including) |
| Zend_framework | Zend | 1.8.0 (including) | 1.8.0 (including) |
| Zend_framework | Zend | 1.8.0-a1 (including) | 1.8.0-a1 (including) |
| Zend_framework | Zend | 1.8.0-b1 (including) | 1.8.0-b1 (including) |
| Zend_framework | Zend | 1.8.1 (including) | 1.8.1 (including) |
| Zend_framework | Zend | 1.8.2 (including) | 1.8.2 (including) |
| Zend_framework | Zend | 1.8.3 (including) | 1.8.3 (including) |
| Zend_framework | Zend | 1.8.4 (including) | 1.8.4 (including) |
| Zend_framework | Zend | 1.8.4-pl1 (including) | 1.8.4-pl1 (including) |
| Zend_framework | Zend | 1.8.5 (including) | 1.8.5 (including) |
| Zend_framework | Zend | 1.9.0 (including) | 1.9.0 (including) |
| Zend_framework | Zend | 1.9.0-a1 (including) | 1.9.0-a1 (including) |
| Zend_framework | Zend | 1.9.0-b1 (including) | 1.9.0-b1 (including) |
| Zend_framework | Zend | 1.9.0-rc1 (including) | 1.9.0-rc1 (including) |
| Zend_framework | Zend | 1.9.1 (including) | 1.9.1 (including) |
| Zend_framework | Zend | 1.9.2 (including) | 1.9.2 (including) |
| Zend_framework | Zend | 1.9.3 (including) | 1.9.3 (including) |
| Zend_framework | Zend | 1.9.3-pl1 (including) | 1.9.3-pl1 (including) |
| Zend_framework | Zend | 1.9.4 (including) | 1.9.4 (including) |
| Zend_framework | Zend | 1.9.5 (including) | 1.9.5 (including) |
| Zend_framework | Zend | 1.9.6 (including) | 1.9.6 (including) |
| Zend_framework | Zend | 1.9.7 (including) | 1.9.7 (including) |
| Zend_framework | Zend | 1.9.8 (including) | 1.9.8 (including) |
| Zend_framework | Zend | 1.10.0 (including) | 1.10.0 (including) |
| Zend_framework | Zend | 1.10.0-alpha1 (including) | 1.10.0-alpha1 (including) |
| Zend_framework | Zend | 1.10.0-beta1 (including) | 1.10.0-beta1 (including) |
| Zend_framework | Zend | 1.10.0-rc1 (including) | 1.10.0-rc1 (including) |
| Zend_framework | Zend | 1.10.1 (including) | 1.10.1 (including) |
| Zend_framework | Zend | 1.10.2 (including) | 1.10.2 (including) |
| Zend_framework | Zend | 1.10.3 (including) | 1.10.3 (including) |
| Zend_framework | Zend | 1.10.4 (including) | 1.10.4 (including) |
| Zend_framework | Zend | 1.10.5 (including) | 1.10.5 (including) |
| Zend_framework | Zend | 1.10.6 (including) | 1.10.6 (including) |
| Zend_framework | Zend | 1.10.7 (including) | 1.10.7 (including) |
| Zend_framework | Zend | 1.10.8 (including) | 1.10.8 (including) |
| Zend_framework | Zend | 1.10.9 (including) | 1.10.9 (including) |
| Zend_framework | Zend | 1.11.0 (including) | 1.11.0 (including) |
| Zend_framework | Zend | 1.11.0-b1 (including) | 1.11.0-b1 (including) |
| Zend_framework | Zend | 1.11.0-rc1 (including) | 1.11.0-rc1 (including) |
| Zend_framework | Zend | 1.11.1 (including) | 1.11.1 (including) |
| Zend_framework | Zend | 1.11.2 (including) | 1.11.2 (including) |
| Zend_framework | Zend | 1.11.3 (including) | 1.11.3 (including) |
| Zend_framework | Zend | 1.11.4 (including) | 1.11.4 (including) |
| Zend_framework | Zend | 1.11.5 (including) | 1.11.5 (including) |
| Zend_framework | Zend | 1.11.6 (including) | 1.11.6 (including) |
| Zend_framework | Zend | 1.11.7 (including) | 1.11.7 (including) |
| Zend_framework | Zend | 1.11.8 (including) | 1.11.8 (including) |
| Zend_framework | Zend | 1.11.9 (including) | 1.11.9 (including) |
| Zend_framework | Zend | 1.11.10 (including) | 1.11.10 (including) |
| Zend_framework | Zend | 1.11.11 (including) | 1.11.11 (including) |
| Zend_framework | Zend | 1.11.12 (including) | 1.11.12 (including) |
| Zend_framework | Zend | 1.11.13 (including) | 1.11.13 (including) |
| Zend_framework | Zend | 1.12.0 (including) | 1.12.0 (including) |
| Zend_framework | Zend | 1.12.0-rc1 (including) | 1.12.0-rc1 (including) |
| Zend_framework | Zend | 1.12.0-rc2 (including) | 1.12.0-rc2 (including) |
| Zend_framework | Zend | 1.12.0-rc3 (including) | 1.12.0-rc3 (including) |
| Zend_framework | Zend | 1.12.0-rc4 (including) | 1.12.0-rc4 (including) |
| Zend_framework | Zend | 1.12.1 (including) | 1.12.1 (including) |
| Zend_framework | Zend | 1.12.2 (including) | 1.12.2 (including) |
| Zendframework | Ubuntu | lucid | * |
| Zendframework | Ubuntu | upstream | * |