oss-sec mailing list archives

CVE Request: squid: Nonce replay vulnerability in Digest authentication


From: Huzaifa Sidhpurwala <huzaifas () redhat com>
Date: Thu, 1 Oct 2015 07:52:25 +0530

Hello MITRE,

Upstream fixed a security issue in digest_authentication [1] that can
allow a disabled user or users with a changed password to access the squid
service with old credentials.
Upstream patch for Squid 3.4:
http://bazaar.launchpad.net/~squid/squid/3.4/revision/13211
Upstream patch for Squid 3.5:
http://bazaar.launchpad.net/~squid/squid/3.5/revision/13735

[1]: http://bugs.squid-cache.org/show_bug.cgi?id=4066


Can you please assign a CVE id to this issue?


-- 
Huzaifa Sidhpurwala / Red Hat Product Security Team

