Archives
Archives
| From: | phasma <phasma@×××××××××××××××××××.org> | ||
|---|---|---|---|
| To: | gentoo-security@l.g.o | ||
| Subject: | [gentoo-security] Fw: Apache mod_disk_cache stores client authentication credentials on disk | ||
| Date: | Sat, 20 Mar 2004 23:31:20 | ||
| Message-Id: | E1B4pw0-0003GA-Bs@smtp.gentoo.org | ||
| In Reply to: | Re: [gentoo-security] Re: [gentoo-announce] Gentoo Linux Security Advisory 200403-03: Multiple OpenSSL Vulnerabilities by Calum |
||
| 1 | As Andreas Steinmetz reported on bugtraq. |
| 2 | |
| 3 | Summary: |
| 4 | ======== |
| 5 | |
| 6 | mod_disk_cache stores all client authentication credentials for cached |
| 7 | objects on disk. This means proxy authentication credentials as well as |
| 8 | in certain RFC2616 defined cases standard authentication credentials. |
| 9 | |
| 10 | In case of Basic Authentication *plaintext passwords* are stored on disk. |
| 11 | |
| 12 | |
| 13 | Link: http://www.securityfocus.com/archive/1/358099/2004-03-17/2004-03-23/0 |
| 14 | |
| 15 | Patch provided by author of discovery, see link. |
| 16 | |
| 17 | Regards |
| 18 | |
| 19 | ph |
| 20 | |
| 21 | |
| 22 | -- |
| 23 | gentoo-security@g.o mailing list |