Drupal 6.x < 6.30 OpenID Module Account Hijacking
Medium Nessus Plugin ID 72102
Synopsis
The remote web server is running a PHP application that is affected by a security bypass vulnerability.

Description
The remote web server is running a version of Drupal that is 6.x prior to 6.30. It is, therefore, affected by a security bypass vulnerability in the OpenID module that could allow an authenticated attacker to hijack other users' accounts. Only user accounts associated with one or more OpenID entities are affected.
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution
Upgrade to version 6.30 or later.