PT-2024-40058 · Zend · Zendopenid

Published: 2024-06-07 · Updated: 2024-06-07

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Name of the Vulnerable Software and Affected Versions: ZendOpenId (or Zend OpenId in ZF1) (affected versions not specified)

Description: The issue allows an attacker to log in using an arbitrary OpenID account without knowing any secret information by using a malicious OpenID Provider. This means it is possible to impersonate any OpenID identity, such as those from MyOpenID or Google, against the framework. Furthermore, the Consumer component accepts OpenID tokens with arbitrary signed elements: it fails to check whether all required parameters (e.g., openid.claimed_id and openid.endpoint_url) are signed. This contradicts the OpenID specification, which mandates signing at least op_endpoint, return_to, response_nonce, assoc_handle, and, if present, claimed_id and identity.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.
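
The signed-field coverage rule cited in the description can be enforced by the relying party before a response is trusted. The following is an added example, not ZendOpenId code: the function name, constants and sample responses are hypothetical, and it assumes the parameters are keyed by their full names as parsed from the raw query string. It covers only the openid.signed coverage check, not signature verification or provider discovery.

```php
<?php
declare(strict_types=1);

// Fields that openid.signed must always cover, per the rule quoted in the description.
const ALWAYS_SIGNED = ['op_endpoint', 'return_to', 'response_nonce', 'assoc_handle'];
// Fields that must be covered whenever they appear in the response.
const SIGNED_IF_PRESENT = ['claimed_id', 'identity'];

/**
 * Hypothetical helper: returns the required fields that are absent or not
 * listed in openid.signed. An empty array means the coverage is acceptable.
 * Assumption: $params is keyed by full name (e.g. 'openid.return_to'),
 * parsed from the raw query string because $_GET rewrites dots to underscores.
 */
function unsignedRequiredFields(array $params): array
{
    $list = (string) ($params['openid.signed'] ?? '');
    $signed = array_filter(array_map('trim', explode(',', $list)), 'strlen');
    $problems = [];
    foreach (ALWAYS_SIGNED as $field) {
        if (!isset($params["openid.$field"]) || !in_array($field, $signed, true)) {
            $problems[] = $field;
        }
    }
    foreach (SIGNED_IF_PRESENT as $field) {
        if (isset($params["openid.$field"]) && !in_array($field, $signed, true)) {
            $problems[] = $field;
        }
    }
    return $problems;
}

// Constructed sample response: identity fields are present but left out of openid.signed.
$partial = [
    'openid.mode'           => 'id_res',
    'openid.op_endpoint'    => 'https://op.example/endpoint',
    'openid.claimed_id'     => 'https://user.example/id',
    'openid.identity'       => 'https://user.example/id',
    'openid.return_to'      => 'https://rp.example/return',
    'openid.response_nonce' => '2024-06-07T00:00:00Zn1',
    'openid.assoc_handle'   => 'handle-1',
    'openid.signed'         => 'return_to,response_nonce,assoc_handle',
    'openid.sig'            => 'placeholder',
];
// Same constructed response with every required field listed as signed.
$complete = ['openid.signed' =>
    'op_endpoint,claimed_id,identity,return_to,response_nonce,assoc_handle'] + $partial;

var_dump(unsignedRequiredFields($partial), unsignedRequiredFields($complete));
```

A response that fails this check should be rejected outright; passing it says nothing about whether openid.sig is valid, which still has to be verified over exactly the listed fields.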

Weakness Enumeration

Improper Authentication

Related Identifiers

GHSA-3X57-M5P4-RGH4

Affected Products

Zendopenid