The OpenID module in Drupal 6.x before 6.30 and 7.x before 7.26 allows remote OpenID users to authenticate as other users via unspecified vectors.
https://drupal.org/SA-CORE-2014-001
http://www.securityfocus.com/bid/64973
http://www.mandriva.com/security/advisories?name=MDVSA-2014:031
http://www.debian.org/security/2014/dsa-2851
http://www.debian.org/security/2014/dsa-2847