CVE-2016-2049
Published: Feb 1, 2016
Modified: Aug 5, 2024
PUBLISHED
Description
examples/consumer/common.php in JanRain PHP OpenID library (aka php-openid) improperly checks the openid.realm parameter against the SERVER_NAME element in the $_SERVER superglobal array, which might allow remote attackers to hijack the authentication of arbitrary users via vectors involving a crafted HTTP Host header.
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | affected n/a |
References
- [oss-security] 20160124 Re: CVE Request: Host based account hijack attack on php-openid (mailing-list, x_refsource_MLIST)
- [oss-security] 20160124 CVE Request: Host based account hijack attack on php-openid (mailing-list, x_refsource_MLIST)