Thomas Klute

**Name of the Vulnerable Software and Affected Versions** mod-gnutls versions 0.5.10 and earlier **Description** The issue concerns the authentication hook in mod-gnutls, which fails to validate client certificates under certain conditions, allowing remote attackers to spoof clients by using a crafted certificate. **Recommendations** For mod-gnutls versions 0.5.10 and earlier, consider updating to a version where this issue is fixed, as the current version does not properly validate client certificates when "GnuTLSClientVerify require" is set. At the moment, there is no information about a newer version that contains a fix for this vulnerability.