Vulnerabilities > Openidc > MOD Auth Openidc > 1.8.10.1
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-03-02 | CVE-2017-6062 | Improper Authentication vulnerability in Openidc MOD Auth Openidc 1.8.10/1.8.10.1/1.8.10.2 The "OpenID Connect Relying Party and OAuth 2.0 Resource Server" (aka mod_auth_openidc) module before 2.1.5 for the Apache HTTP Server does not skip OIDC_CLAIM_ and OIDCAuthNHeader headers in an "OIDCUnAuthAction pass" configuration, which allows remote attackers to bypass authentication via crafted HTTP traffic. | 8.6 |