Computer Security
[EN] securityvulns.ru no-pyccku


elinks authentication relaing
Published:02.01.2013
Source:
SecurityVulns ID:12796
Type:client
Threat Level:
5/10
Description:Incorrect user credentials delegation in GSS.
Affected:ELINKS : elinks 0.12
CVE:CVE-2012-4545 (The http_negotiate_create_context function in protocol/http/http_negotiate.c in ELinks 0.12 before 0.12pre6, when using HTTP Negotiate or GSS-Negotiate authentication, delegates user credentials through GSSAPI, which allows remote servers to authenticate as the client via the delegated credentials.)
Original documentdocumentDEBIAN, [SECURITY] [DSA 2592-1] elinks security update (02.01.2013)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod