Drupal Shared Sign On Module Cross-Site Request Forgery and Session Fixation Vulnerabilities

The Shared Sign On module for Drupal is prone to a cross-site request-forgery vulnerability and a session-fixation vulnerability.

Attackers may exploit these issues to perform unauthorized actions, hijack arbitrary sessions, compromise the affected application, and modify administration settings. Other attacks are also possible.


 

Privacy Statement
Copyright 2010, SecurityFocus