A critical flaw in Apache mod_auth_openidc (versions ≤2.4.16.10) allows unauthenticated attackers to bypass authentication and access protected resources. The bug, CVE-2025-31492, patched in version 2.4.16.11, affects systems using OIDCProviderAuthRequestMethod POST without an application-level gateway or load balancer. Technical Breakdown The vulnerability stems from improper handling of authentication requests when the POST method is configured. Under specific conditions: Attackers triggering a request […]

The post Apache mod_auth_openidc Flaw Lets Unauthenticated Users Access Protected Data appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Divya

Source: gbHackers
Source Link: https://gbhackers.com/apache-mod_auth_openidc-flaw/