CVE-2020-35489

CVE-2020-35489 is a vulnerability in the mod_auth_openidc module for Apache HTTP Server, which enables OpenID Connect authentication. It allows an attacker to bypass access restrictions by manipulating session cookies, potentially granting unauthorized access to protected resources. This flaw arises from improper validation of session state and was patched in later versions of the module.
