ELinks HTTPS POST Request Information Disclosure Weakness

ELinks is prone to an information disclosure weakness.

In certain circumstances, the application may not encrypt HTTP POST data sent to servers using SSL.

This issue creates a false sense of security for a user because they may assume that sensitive data is being encrypted before it is sent to the remote server.

Versions prior to ELinks 0.11.3 are vulnerable to this issue.


 

Privacy Statement
Copyright 2010, SecurityFocus