oss-sec mailing list archives

Re: darkhttpd: timing attack and local leak of HTTP basic auth credentials

From: nightmare.yeah27 () aceecat org
Date: Wed, 24 Jan 2024 09:39:38 -0800

Do not the various implementations of the *ident* protocol (example: oidentd)
rely on this interface? They are often, or always, intentionally configured
to run as nobody or a dedicated UID.

-- 
Ian

Current thread:

darkhttpd: timing attack and local leak of HTTP basic auth credentials Matthias Gerstner (Jan 23)
- Re: darkhttpd: timing attack and local leak of HTTP basic auth credentials Hanno Böck (Jan 23)
  - Re: darkhttpd: timing attack and local leak of HTTP basic auth credentials Johannes Segitz (Jan 24)
    - Re: darkhttpd: timing attack and local leak of HTTP basic auth credentials nightmare . yeah27 (Jan 24)
    - Re: Re: darkhttpd: timing attack and local leak of HTTP basic auth credentials Anton Luka Šijanec (Jan 24)
  - systemd and other system services (in)compatibility with Linux procfs hidepid (was: darkhttpd: timing attack and local leak of HTTP basic auth credentials) Solar Designer (Feb 02)
    - Re: systemd and other system services (in)compatibility with Linux procfs hidepid (was: darkhttpd: timing attack and local leak of HTTP basic auth credentials) Matthias Gerstner (Feb 05)
- Re: darkhttpd: timing attack and local leak of HTTP basic auth credentials Matthias Gerstner (Jan 25)