mailing list archives
session stealing in mod_auth_openid - CVE-2012-2760
From: ptr <ligeglad () gmail com>
Date: Tue, 22 May 2012 20:14:38 -0700
# Security Advisory 1201
Summary : Session stealing
Date : May 2012
Affected versions : all versions prior to mod_auth_openid-0.7
ID : mod_auth_openid-1201
CVE reference : CVE-2012-2760
Session ids are stored insecurely in /tmp/mod_auth_openid.db (default
filename). The db is world readable and the session ids are stored
If a user has access to the filesystem on the mod_auth_openid server,
they can steal all of the current openid authenticated sessions
A quick improvement of the situation is to chmod 0400 the DB file.
Default location is /tmp/mod_auth_openid.db unless another location
has been configured in AuthOpenIDDBLocation.
Upgrade to mod_auth_openid-0.7 or later:
This vulnerability was reported by Peter Ellehauge, ptr at groupon dot
com. Fixed by Brian Muller bmuller at gmail dot com
mod_auth_openid project: http://findingscience.com/mod_auth_openid/
15 May 2012
Discovered the vulnerability. Created private patch.
16 May 2012
22 May 2012
Fixed by Brian Muller (bmuller at gmail dot com) in
Full-Disclosure - We believe in it.
Hosted and sponsored by Secunia - http://secunia.com/
- session stealing in mod_auth_openid - CVE-2012-2760 ptr (May 23)