Apache · Mod Auth Openidc · CVE-2012-2760
**Name of the Vulnerable Software and Affected Versions**
mod auth openid versions prior to 0.7
**Description**
The issue allows local users to obtain session ids due to world-readable permissions for /tmp/mod auth openid.db.
**Recommendations**
For mod auth openid versions prior to 0.7, update to version 0.7 or later to resolve the issue.