mod_auth_openidc Authentication Bypass Vulnerability

By GIXnews


A vulnerability in mod_auth_openidc could allow an unauthenticated, remote attacker to bypass authentication on an affected system.

The vulnerability exists because the affected software does not properly sanitize HTTP headers. An attacker could exploit this vulnerability by sending crafted HTTP traffic to the affected system. A successful exploit could allow the attacker to bypass authentication and gain unauthorized access to the system.

The vendor has confirmed the vulnerability and released software updates.

Security Impact Rating: High

CVE: CVE-2017-6413

Source: Cisco Multivendor Vulnerability Alerts