CVE-2007-1652

medium

Description

OpenID allows remote attackers to forcibly log a user into an OpenID enabled site, divulge the user's personal information to this site, and add it site to the trusted sites list via a crafted web page, related to cached tokens.

References

http://osvdb.org/43601

http://openid.net/pipermail/security/2007-March/000311.html

http://openid.net/pipermail/security/2007-March/000306.html

http://openid.net/pipermail/security/2007-March/000291.html

http://openid.net/pipermail/security/2007-March/000288.html

http://openid.net/pipermail/security/2007-March/000286.html

http://janrain.com/blog/2007/03/22/myopenid-security-fix/

Details

Source: Mitre, NVD

Published: 2007-03-24

Updated: 2026-06-16

Risk Information

CVSS v2

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Severity: High

CVSS v3

Base Score: 4.3

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

Severity: Medium

EPSS

EPSS: 0.00958

Detections

Analytics