Moderate: mod_auth_openidc:2.3 security update

The mod_auth_openidc is an OpenID Connect authentication module for Apache HTTP Server. It enables an Apache HTTP Server to operate as an OpenID Connect Relying Party and/or OAuth 2.0 Resource Server. ...

Continue Reading
[SECURITY] Fedora 36 Update: mod_auth_openidc-2.4.9.4-1.fc36

This module enables an Apache 2.x web server to operate as an OpenID Connect Relying Party and/or OAuth 2.0 Resource Server.Read More ...

Continue Reading
Heroku Forces User Password Resets Following GitHub OAuth Token Theft

[![Heroku Forces User Password Resets](https://thehackernews.com/new-images/img/b/R29vZ2xl/AVvXsEg15Z2d_xS5elVdgf0xSUYqiHRPanhvDc3o8p0Vx09SlFdq1BQDAfW13mhR2zYu63dhu11Dj1cdPhHiHiFtH5bPgZ6_Iv97KMZMz_d4j ...

Continue Reading
CVE-2021-22573

The vulnerability is that IDToken verifier does not verify if token is properly signed. Signature verification makes sure that the token's payload comes from valid provider, not from someone else. An ...

Continue Reading
RST Threat feed. IOC: oauth-services.live

Found **oauth-services[.]live** in [RST Threat Feed](https://rs...Read More ...

Continue Reading
RST Threat feed. IOC: ssl-oauth.com

Found **ssl-oauth[.]com** in [RST Threat Feed](https://rstcloud...Read More ...

Continue Reading
JVN#15317878: Spring Security OAuth (spring-security-oauth2) vulnerable to denial-of-service (DoS)

Spring Security OAuth (spring-security-oauth2) provided by VMware, Inc. contains a denial-of-service vulnerability due to uncontrolled resource consumption ([CWE-400]()). Note that Spring Security OAu ...

Continue Reading
High-Severity Bug Reported in Google’s OAuth Client Library for Java

[![Google's OAuth Client Library for Java](https://thehackernews.com/new-images/img/b/R29vZ2xl/AVvXsEjALy9QMXTUv6ySyu_gytORGXUFbFnfcP5yvZm5Q_Kh3izl6dVLvh3ErdT7eMropcP3J1HII1l5Ugb9f29fbOB2ExRE5EcKbo68O ...

Continue Reading

Back to Main

Subscribe for the latest news: