Date: Thu, 14 Nov 2013 23:33:54 +0100
From: Tomas Hoger <thoger@...hat.com>
To: oss-security@...ts.openwall.com
Subject: mod_nss FakeBasicAuth authentication bypass

Hi!

A FakeBasicAuth authentication bypass issue was reported for mod_nss
some time ago:

https://www.redhat.com/archives/mod_nss-list/2011-May/msg00001.html

The issue was fixed in upstream git:

https://git.fedorahosted.org/cgit/mod_nss.git/commit/?id=a6c3370491ae1d3bc552e8de9353c82f73e510e3

but there was no new release of mod_nss since to include the fix. The
issue now got CVE-2011-4973 assigned.

Note that the fix changes the user name that needs to be specified in
htpasswd when using FakeBasicAuth.

--
Tomas Hoger / Red Hat Security Response Team