• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

Opera Web Browser Basic Authentication Server Domain Spoofing Vulnerability

Opera Web Browser is prone to an HTTP basic authentication domain-spoofing vulnerability.

Attackers may exploit this vulnerability via a malicious webpage to spoof the origin of an HTTP basic authentication dialog that the victim may trust. Attackers may find this issue useful in phishing or other attacks that rely on content spoofing.

Opera 9.21 is vulnerable; other versions may also be affected.

Reports indicate that other browsers are also vulnerable, but this has not been confirmed.