Mod Auth Openidc Security Vulnerabilities and Issues — Mod Auth Openidc CVE List

Lucene search

OpenidcMod Auth Openidc

3 matches found

CVE•added 2025/04/06 8:15 p.m.•950 views

CVE-2025-31492

mod_auth_openidc is an OpenID Certified authentication and authorization module for the Apache 2.x HTTP server that implements the OpenID Connect Relying Party functionality. Prior to 2.4.16.11, a bug in a mod_auth_openidc results in disclosure of protected content to unauthenticated users. The con...

8.2CVSS6.7AI score0.00349EPSS

CVE•added 2017/03/02 6:59 a.m.•60 views

CVE-2017-6413

The "OpenID Connect Relying Party and OAuth 2.0 Resource Server" (aka mod_auth_openidc) module before 2.1.6 for the Apache HTTP Server does not skip OIDC_CLAIM_ and OIDCAuthNHeader headers in an "AuthType oauth20" configuration, which allows remote attackers to bypass authentication via crafted HTT...

8.6CVSS7.9AI score0.00408EPSS

CVE•added 2017/03/02 6:59 a.m.•45 views

CVE-2017-6062

The "OpenID Connect Relying Party and OAuth 2.0 Resource Server" (aka mod_auth_openidc) module before 2.1.5 for the Apache HTTP Server does not skip OIDC_CLAIM_ and OIDCAuthNHeader headers in an "OIDCUnAuthAction pass" configuration, which allows remote attackers to bypass authentication via crafte...

8.6CVSS7.9AI score0.00413EPSS