CVE Vulnerabilities

CVE-2014-2685

Improper Authentication

Published: Sep 04, 2014 | Modified: Nov 04, 2017
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
7.5 HIGH
AV:N/AC:L/Au:N/C:P/I:P/A:P
RedHat/V2
RedHat/V3
Ubuntu

The GenericConsumer class in the Consumer component in ZendOpenId before 2.0.2 and the Zend_OpenId_Consumer class in Zend Framework 1 before 1.12.4 violate the OpenID 2.0 protocol by ensuring only that at least one field is signed, which allows remote attackers to bypass authentication by leveraging an assertion from an OpenID provider.

Weakness

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

Affected Software

Name Vendor Start Version End Version
Zend_framework Zend 1.10.6 1.10.6
Zend_framework Zend 1.10.0 1.10.0
Zend_framework Zend 1.12.0 1.12.0
Zend_framework Zend 1.11.0 1.11.0
Zend_framework Zend 1.10.3 1.10.3
Zend_framework Zend 1.11.4 1.11.4
Zend_framework Zend 1.7.4 1.7.4
Zend_framework Zend 1.7.5 1.7.5
Zend_framework Zend 1.10.5 1.10.5
Zend_framework Zend 1.11.11 1.11.11
Zend_framework Zend 1.10.8 1.10.8
Zend_framework Zend 1.12.2 1.12.2
Zend_framework Zend 1.10.0 1.10.0
Zend_framework Zend 1.5.0 1.5.0
Zend_framework Zend 1.9.6 1.9.6
Zend_framework Zend 1.10.0 1.10.0
Zend_framework Zend 1.8.3 1.8.3
Zend_framework Zend 1.7.6 1.7.6
Zend_framework Zend 1.5.0 1.5.0
Zend_framework Zend 1.8.0 1.8.0
Zend_framework Zend 1.11.5 1.11.5
Zend_framework Zend 1.8.4 1.8.4
Zend_framework Zend 1.11.0 1.11.0
Zend_framework Zend 1.7.2 1.7.2
Zend_framework Zend 1.0.0 1.0.0
Zend_framework Zend 1.5.0 1.5.0
Zend_framework Zend 1.6.0 1.6.0
Zend_framework Zend 1.9.0 1.9.0
Zend_framework Zend 1.7.0 1.7.0
Zend_framework Zend 1.9.2 1.9.2
Zend_framework Zend 1.11.12 1.11.12
Zend_framework Zend 1.9.3 1.9.3
Zend_framework Zend 1.5.1 1.5.1
Zend_framework Zend 1.10.4 1.10.4
Zend_framework Zend 1.6.0 1.6.0
Zend_framework Zend 1.11.9 1.11.9
Zend_framework Zend 1.0.0 1.0.0
Zend_framework Zend 1.8.4 1.8.4
Zend_framework Zend 1.11.6 1.11.6
Zend_framework Zend 1.8.1 1.8.1
Zend_framework Zend 1.9.5 1.9.5
Zend_framework Zend 1.6.0 1.6.0
Zend_framework Zend 1.9.0 1.9.0
Zend_framework Zend 1.9.0 1.9.0
Zend_framework Zend 1.0.0 1.0.0
Zend_framework Zend 1.11.3 1.11.3
Zend_framework Zend 1.5.0 1.5.0
Zend_framework Zend 1.5.0 1.5.0
Zend_framework Zend 1.11.13 1.11.13
Zend_framework Zend 1.5.2 1.5.2
Zend_framework Zend 1.11.2 1.11.2
Zend_framework Zend 1.9.0 1.9.0
Zend_framework Zend 1.0.0 1.0.0
Zend_framework Zend 1.0.3 1.0.3
Zend_framework Zend 1.9.8 1.9.8
Zend_framework Zend 1.10.0 1.10.0
Zend_framework Zend 1.11.0 1.11.0
Zend_framework Zend 1.11.10 1.11.10
Zend_framework Zend 1.6.1 1.6.1
Zend_framework Zend 1.9.7 1.9.7
Zend_framework Zend 1.6.2 1.6.2
Zend_framework Zend 1.9.3 1.9.3
Zend_framework Zend 1.12.1 1.12.1
Zend_framework Zend 1.7.3 1.7.3
Zend_framework Zend 1.12.0 1.12.0
Zend_framework Zend 1.0.0 1.0.0
Zend_framework Zend 1.7.0 1.7.0
Zend_framework Zend 1.10.1 1.10.1
Zend_framework Zend 1.12.0 1.12.0
Zend_framework Zend 1.8.5 1.8.5
Zend_framework Zend 1.8.2 1.8.2
Zend_framework Zend 1.11.8 1.11.8
Zend_framework Zend 1.7.1 1.7.1
Zend_framework Zend 1.7.7 1.7.7
Zend_framework Zend 1.6.0 1.6.0
Zend_framework Zend 1.9.1 1.9.1
Zend_framework Zend 1.8.0 1.8.0
Zend_framework Zend 1.10.7 1.10.7
Zend_framework Zend 1.10.9 1.10.9
Zend_framework Zend 1.11.7 1.11.7
Zend_framework Zend 1.7.9 1.7.9
Zend_framework Zend 1.0.1 1.0.1
Zend_framework Zend 1.5.0 1.5.0
Zend_framework Zend 1.12.0 1.12.0
Zend_framework Zend * 1.12.3
Zend_framework Zend 1.7.0 1.7.0
Zend_framework Zend 1.10.2 1.10.2
Zend_framework Zend 1.7.3 1.7.3
Zend_framework Zend 1.11.1 1.11.1
Zend_framework Zend 1.0.4 1.0.4
Zend_framework Zend 1.0.2 1.0.2
Zend_framework Zend 1.8.0 1.8.0
Zend_framework Zend 1.7.8 1.7.8
Zend_framework Zend 1.9.4 1.9.4
Zend_framework Zend 1.5.3 1.5.3
Zend_framework Zend 1.12.0 1.12.0

Potential Mitigations

References