oss-sec mailing list archives
CVE Request: squid: Nonce replay vulnerability in Digest authentication
From: Huzaifa Sidhpurwala <huzaifas () redhat com>
Date: Thu, 1 Oct 2015 07:52:25 +0530
Hello MITRE, Upstream fixed a security issue in digest_authentication [1] that can allow disabled user or users with changed password to access the squid service with old credentials. Upstream patch for Squid 3.4: http://bazaar.launchpad.net/~squid/squid/3.4/revision/13211 Upstream patch for Squid 3.5: http://bazaar.launchpad.net/~squid/squid/3.5/revision/13735 [1]: http://bugs.squid-cache.org/show_bug.cgi?id=4066 Can you please assign a CVE id to this issue? -- Huzaifa Sidhpurwala / Red Hat Product Security Team
Current thread:
- CVE Request: squid: Nonce replay vulnerability in Digest authentication Huzaifa Sidhpurwala (Sep 30)