Nmap Development mailing list archives

Previous By Date Next
Previous By Thread Next

Ncat HTTP proxy Digest: honor "algorithm" param

From: David Fifield <david () bamsoftware com>
Date: Fri, 1 Feb 2019 13:06:23 -0700
I noticed a copy-and-paste error in the Ncat HTTP proxy Digest
authentication. An unknown algorithm in credentials like
algorithm="foobar" was still being treated as ALGORITHM_MD5.

That led me to find that the server was not even checking the algorithm
param, and always acting as if it were ALGORITHM_MD5.

This patch fixes the copy-and-paste error and makes it so that
Proxy-Authenticate and Proxy-Authorization headers that have an unknown
algorithm are ignored.

Attachment: 0001-Ncat-HTTP-proxy-Digest-check-the-algorithm-auth-para.patch
Description: 

_______________________________________________
Sent through the dev mailing list
https://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/
Previous By Date Next
Previous By Thread Next

Current thread: