From: | phasma <phasma@×××××××××××××××××××.org> | ||
---|---|---|---|
To: | gentoo-security@l.g.o | ||
Subject: | [gentoo-security] Fw: Apache mod_disk_cache stores client authentication credentials on disk | ||
Date: | Sat, 20 Mar 2004 23:31:20 | ||
Message-Id: | E1B4pw0-0003GA-Bs@smtp.gentoo.org | ||
In Reply to: | Re: [gentoo-security] Re: [gentoo-announce] Gentoo Linux Security Advisory 200403-03: Multiple OpenSSL Vulnerabilities by Calum |
1 | As Andreas Steinmetz reported on bugtraq. |
2 | |
3 | Summary: |
4 | ======== |
5 | |
6 | mod_disk_cache stores all client authentication credentials for cached |
7 | objects on disk. This means proxy authentication credentials as well as |
8 | in certain RFC2616 defined cases standard authentication credentials. |
9 | |
10 | In case of Basic Authentication *plaintext passwords* are stored on disk. |
11 | |
12 | |
13 | Link: http://www.securityfocus.com/archive/1/358099/2004-03-17/2004-03-23/0 |
14 | |
15 | Patch provided by author of discovery, see link. |
16 | |
17 | Regards |
18 | |
19 | ph |
20 | |
21 | |
22 | -- |
23 | gentoo-security@g.o mailing list |