RSS   Vulnerabilities for 'Mod auth openidc'   RSS

2017-04-12
 
CVE-2017-6059

CWE-20
 

 
Mod_auth_openidc.c in the Ping Identity OpenID Connect authentication module for Apache (aka mod_auth_openidc) before 2.14 allows remote attackers to spoof page content via a malicious URL provided to the user, which triggers an invalid request.

 
2017-03-02
 
CVE-2017-6413

 

 
The "OpenID Connect Relying Party and OAuth 2.0 Resource Server" (aka mod_auth_openidc) module before 2.1.6 for the Apache HTTP Server does not skip OIDC_CLAIM_ and OIDCAuthNHeader headers in an "AuthType oauth20" configuration, which allows remote attackers to bypass authentication via crafted HTTP traffic.

 
 
CVE-2017-6062

 

 
The "OpenID Connect Relying Party and OAuth 2.0 Resource Server" (aka mod_auth_openidc) module before 2.1.5 for the Apache HTTP Server does not skip OIDC_CLAIM_ and OIDCAuthNHeader headers in an "OIDCUnAuthAction pass" configuration, which allows remote attackers to bypass authentication via crafted HTTP traffic.

 

 >>> Vendor: Pingidentity 9 Products
Pingfederate
Mod auth openidc
Agentless integration kit
Ldapsdk
Pingid ssh integration
Pingid integration for windows login
Rsa securid integration kit
Pingaccess
Pingone mfa integration kit


Copyright 2024, cxsecurity.com

 

Back to Top