Back to search
CVE-2008-3280
Published: May 21, 2021
Modified: Aug 7, 2024
PUBLISHED
Description
It was found that various OpenID Providers (OPs) had TLS Server Certificates that used weak keys, as a result of the Debian Predictable Random Number Generator (CVE-2008-0166). In combination with the DNS Cache Poisoning issue (CVE-2008-1447) and the fact that almost all SSL/TLS implementations do not consult CRLs (currently an untracked issue), this means that it is impossible to rely on these OPs.
| Vendor | Product | Versions |
|---|---|---|
n/a | openid | affected unknown |
Weaknesses (CWE)
References
https://www.exploit-db.com/exploits/5720
x_refsource_MISC
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now