CVE-2008-3221

Name of the Vulnerable Software and Affected Versions: Drupal versions 6.0 through 6.2

Description: A cross-site request forgery (CSRF) issue allows remote attackers to perform administrative actions via vectors involving deletion of OpenID identities. This can be exploited to carry out unauthorized actions on the affected system.

Recommendations: For Drupal versions 6.0 through 6.2, update to version 6.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the OpenID identity deletion functionality until the update can be applied.