CVE-2017-6062

Name of the Vulnerable Software and Affected Versions mod auth openidc versions prior to 2.1.5

Description The issue allows remote attackers to bypass authentication via crafted HTTP traffic due to the module not skipping OIDC CLAIM and OIDCAuthNHeader headers in an "OIDCUnAuthAction pass" configuration.

Recommendations For versions prior to 2.1.5, update to version 2.1.5 or later to resolve the issue. As a temporary workaround, consider restricting access to the "OIDCUnAuthAction pass" configuration to minimize the risk of exploitation.