{"id":"CVE-2012-2760","details":"mod_auth_openid before 0.7 for Apache uses world-readable permissions for /tmp/mod_auth_openid.db, which allows local users to obtain session ids.","modified":"2026-04-10T03:44:15.873345Z","published":"2012-07-25T19:55:05Z","references":[{"type":"ADVISORY","url":"http://secunia.com/advisories/49247"},{"type":"ADVISORY","url":"http://www.mandriva.com/security/advisories?name=MDVSA-2012:114"},{"type":"FIX","url":"https://github.com/bmuller/mod_auth_openid/pull/30"},{"type":"WEB","url":"http://archives.neohapsis.com/archives/fulldisclosure/2012-05/0235.html"},{"type":"WEB","url":"http://packetstormsecurity.org/files/112991/Mod_Auth_OpenID-Session-Stealing.html"},{"type":"WEB","url":"http://www.exploit-db.com/exploits/18917"},{"type":"WEB","url":"http://www.osvdb.org/82139"},{"type":"WEB","url":"http://www.securityfocus.com/bid/53661"},{"type":"WEB","url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/75813"},{"type":"WEB","url":"https://github.com/bmuller/mod_auth_openid/blob/master/ChangeLog"}],"schema_version":"1.7.5"}