Title: mod_auth_openid Insecure Database File Openid Session Local Information Disclosure
May 23, 2012
May 22, 2012
mod_auth_openid contains a flaw that may lead to unauthorized information disclosure. The issue is triggered when the program creates its database file with insecure, world-readable permissions, which discloses session information to a local attacker.
Local Access Required
Loss of Confidentiality
Upgrade to version 0.7 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.
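The flaw above comes down to the mode bits a session database is created with. The following Python is an added example, not mod_auth_openid's code and not part of the advisory: it audits a file's permission bits and contrasts default creation under a 022 umask with owner-only creation. The file names and helper functions are hypothetical, and the files are constructed in a temporary directory.

```python
import os
import stat
import tempfile


def audit_session_db(path):
    """Return the permission findings for the session database at `path`."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    findings = []
    if mode & stat.S_IROTH:
        findings.append("world-readable")   # the condition this advisory describes
    if mode & stat.S_IWOTH:
        findings.append("world-writable")
    if mode & (stat.S_IRGRP | stat.S_IWGRP):
        findings.append("group-accessible")
    return findings


def create_private_db(path):
    """Create `path` as 0600; O_EXCL refuses a file someone else pre-created."""
    fd = os.open(path, os.O_CREAT | os.O_EXCL | os.O_WRONLY, 0o600)
    try:
        os.fchmod(fd, 0o600)  # set the mode explicitly instead of relying on umask
    finally:
        os.close(fd)


def demo():
    """Compare default creation with owner-only creation (constructed files)."""
    old_umask = os.umask(0o022)  # common default umask for daemons
    try:
        with tempfile.TemporaryDirectory() as d:
            weak = os.path.join(d, "sessions-default.db")    # hypothetical name
            open(weak, "w").close()                          # 0666 & ~022 = 0644
            private = os.path.join(d, "sessions-private.db")  # hypothetical name
            create_private_db(private)
            return audit_session_db(weak), audit_session_db(private)
    finally:
        os.umask(old_umask)


if __name__ == "__main__":
    print(demo())
```

Running `audit_session_db` against the real database path on an affected host shows whether the file is still exposed after the upgrade, since an existing file keeps the mode it was created with.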