Description
Crowd's OpenID server allows creation of different profiles. On modification, the security check for ownership of the profile is insufficient and may allow a malicious user to intentionally modify another user's profile.
Crowd's OpenID server allows creation of different profiles. On modification, the security check for ownership of the profile is insufficient and may allow a malicious user to intentionally modify another user's profile.