Description
The http_negotiate_create_context function in
protocol/http/http_negotiate.c in ELinks 0.12 before 0.12pre6, when using
HTTP Negotiate or GSS-Negotiate authentication, delegates user credentials
through GSSAPI, which allows remote servers to authenticate as the client
via the delegated credentials.
Package
| Upstream: | released
(0.12~pre5-9)
|
| Ubuntu 22.04 LTS (Jammy Jellyfish): | not-affected
(0.12~pre5-9ubuntu1)
|
| Ubuntu 14.04 ESM (Trusty Tahr): | DNE
(trusty was not-affected [0.12~pre5-9ubuntu1])
|
Patches:
Updated: 2022-02-11 00:16:57 UTC (commit acb3d89ab51f1d5e5543fa993969c0eb13c71f04)