2012-07-25 19:00:00
mitre
PUBLISHED
mod_auth_openid before 0.7 for Apache uses world-readable permissions for /tmp/mod_auth_openid.db, which allows local users to obtain session ids.