curl-library
RE: Bug with NTLM implementation
From: Yehezkel Horowitz <horowity_at_checkpoint.com>
Date: Tue, 7 Jan 2014 10:16:45 +0000
Date: Tue, 7 Jan 2014 10:16:45 +0000
> If a connection is established to a server and authenticated via NTLM,
> and one changes the CURLOPT_USERNAME or CURLOPT_PASSWORD, keeping the
> URL the same, libcurl re-uses the older authenticated connection,
> effectively ignoring the new user.
Isn't this a security issue (which we should announce and report)?
Yehezkel Horowitz
-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette: http://curl.haxx.se/mail/etiquette.html
Received on 2014-01-07