2007-03-24 00:00:00
mitre
PUBLISHED
OpenID allows remote attackers to forcibly log a user into an OpenID enabled site, divulge the users personal information to this site, and add it site to the trusted sites list via a crafted web page, related to cached tokens.