theregister

Drupal flicks fix to nix OpenID admin account hijack hole

Drupal has shuttered a flaw in its implementation of OpenID that allows attackers to log in as web site administrators. The flaw (CVE-2015-3234) is the most critical of four and affects versions six ...
CMS Wire

Drupal v6 Frozen, Includes OpenID Support

Details about OpenID and how to create your own OpenID can be found at the OpenID site. Set up time is trivial, so if you fancy yourself a bit of an early adopter, dig in now. eBook The State of AI in ...
GitHub

OpenID Connect for Drupal

This repo contains a forked and modified version of the module, to allow it to work better with Azure AD as an OpenID Connect provider. Call the userinfo endpoint conditionally. Azure AD does not ...
Threat Post

Drupal Fixes Critical OpenID Bug

Drupal has patched several vulnerabilities in versions 6 and 7 of the content-management system, including a critical bug that enables an attacker to hijack administrators’ accounts and take arbitrary ...
GitHub

drupal_openid_xxe.rb

in the parsing of a malformed XRDS file coming from a malicious OpenID endpoint. This module has been tested successfully on Drupal 7.15 and 7.2 with the OpenID module enabled.
CMS Wire

Drupal Drops 6.0 Beta 3; Sports OpenID and Fancy Installer

White Paper How Agentic AI Is Rewriting the Rules of Customer Experience Your chatbot may be polite, but is it actually pulling its weight? Read now Research Report 3 Customer Service AI Trends That ...
IEEE

Do Not Trust Me: Using Malicious IdPs for Analyzing and Attacking Single Sign-on

Abstract: Single Sign-On (SSO) systems simplify login procedures by using an Identity Provider (IdP) to issue authentication tokens which can be consumed by Service Providers (SPs). Traditionally, ...