Vulnerability Information
Vulnerability Title
N/A
Vulnerability Description
The GenericConsumer class in the Consumer component in ZendOpenId before 2.0.2 and the Zend_OpenId_Consumer class in Zend Framework 1 before 1.12.4 do not verify that the openid_op_endpoint value identifies the same Identity Provider as the provider used in the association handle, which allows remote attackers to bypass authentication and spoof arbitrary OpenID identities by using a malicious OpenID Provider that generates OpenID tokens with arbitrary identifier and claimed_id values.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Zend Framework ZendOpenId and Zend_OpenId_Consumer Security Vulnerability
Vulnerability Description
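Zend Framework 1 (ZF1) is an open-source PHP 5 development framework developed by the US company Zend, used mainly for developing web applications and services. ZendOpenId is one of its components, providing a simple API for building OpenId-enabled sites and identities; Zend_OpenId_Consumer is one of its classes, used to implement the OpenId authentication scheme on websites. A security vulnerability exists in the GenericConsumer class of the Consumer component in ZendOpenId before 2.0.2 and in the Zend_OpenId_Consumer class in ZF1 before 1.12.4. This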
CVSS Information
N/A
Vulnerability Type
N/A