CVE-2012-0825
N/A
N/A
Summary
Drupal 6.x before 6.23 and 7.x before 7.11 does not verify that Attribute Exchange (AX) information is signed, which allows remote attackers to modify potentially sensitive AX information without detection via a man-in-the-middle (MITM) attack.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
ADP Enrichment
CVE Program Container
Additional References
- https://drupal.org/node/1425084
- http://openid.net/2011/05/05/attribute-exchange-security-alert/
- http://www.debian.org/security/2013/dsa-2776
References
- https://drupal.org/node/1425084
- http://openid.net/2011/05/05/attribute-exchange-security-alert/
- http://www.debian.org/security/2013/dsa-2776
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.