Nmap Development mailing list archives
Ncat HTTP proxy Digest: honor "algorithm" param
From: David Fifield <david () bamsoftware com>
Date: Fri, 1 Feb 2019 13:06:23 -0700
I noticed a copy-and-paste error in the Ncat HTTP proxy Digest authentication. An unknown algorithm in credentials like algorithm="foobar" was still being treated as ALGORITHM_MD5. That led me to find that the server was not even checking the algorithm param, and always acting as if it were ALGORITHM_MD5. This patch fixes the copy-and-paste error and makes it so that Proxy-Authenticate and Proxy-Authorization headers that have an unknown algorithm are ignored.
Attachment:
0001-Ncat-HTTP-proxy-Digest-check-the-algorithm-auth-para.patch
Description:
_______________________________________________ Sent through the dev mailing list https://nmap.org/mailman/listinfo/dev Archived at http://seclists.org/nmap-dev/
Current thread:
- Ncat HTTP proxy Digest: honor "algorithm" param David Fifield (Feb 01)