Various OpenID Providers (OPs) have TLS server certificates that use weak keys as a result of the Debian predictable random number generator vulnerability.
4ddd04a36c9b48f9c80e6563aa1fa71fc5a92fd3361f08a3b4f6e658063a2112
mod_auth_openid versions prior to 0.7 insecurely store session ids in /tmp/mod_auth_openid.db unencrypted.
38e86ab74026a3ed1cc80b4676aa4ecb3b7863107daed098dea57ce009b8de2c