OpenID Foundation(OpenID Foundation website) have reported that
some OpenID Authentication 2.0 server implementations were found to be vulnerable.

Anyone who implements OP or RP on zimbra server (maybe as server extension) should take a look into the detail in their post below;
Vulnerability Alert – OpenID 2.0 Implementations Vulnerabilities found in some OPs | OpenID