Apache mod_digest Client-Supplied Nonce Verification Vulnerability

Patches have been released for the Apache mod_digest module to include digest replay protection. The module reportedly did not adequately verify client-supplied nonces against the server-issued nonce. This could permit a remote attacker to replay the response of another website or section of the same website under some circumstances.

It should be noted that this issue does not exist in the mod_auth_digest module.
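The following added example (not code from Apache or from the released patches) sketches the kind of check the advisory says was missing: the server only accepts a Digest response if the nonce in it is one the server itself issued for that realm and is still fresh. The HMAC-based nonce format, the secret, the lifetime and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
import time

SERVER_SECRET = b"constructed-example-secret"  # assumption: random per-server value in practice
NONCE_LIFETIME = 300  # assumption: seconds before a nonce is treated as stale


def _mac(ts, realm):
    return hmac.new(SERVER_SECRET, f"{ts}:{realm}".encode(), hashlib.sha256).hexdigest()


def issue_nonce(realm, now=None):
    """Nonce the server can later recognise as its own for this realm."""
    ts = int(time.time() if now is None else now)
    return f"{ts}:{_mac(ts, realm)}"


def nonce_is_valid(nonce, realm, now=None):
    """True only if this server issued the nonce for this realm and it is still fresh."""
    now = time.time() if now is None else now
    ts, sep, mac = nonce.partition(":")
    if not sep or not (ts.isascii() and ts.isdigit()):
        return False
    if not hmac.compare_digest(mac.encode(), _mac(ts, realm).encode()):
        return False
    return 0 <= now - int(ts) <= NONCE_LIFETIME


def digest_response(user, realm, password, method, uri, nonce):
    """RFC 2617 response without qop: MD5(HA1:nonce:HA2)."""
    md5 = lambda s: hashlib.md5(s.encode()).hexdigest()
    ha1 = md5(f"{user}:{realm}:{password}")
    ha2 = md5(f"{method}:{uri}")
    return md5(f"{ha1}:{nonce}:{ha2}")


def check_request(auth, realm, password, method, now=None, verify_nonce=True):
    """auth: parsed Authorization header fields. verify_nonce=False models the missing check."""
    if verify_nonce and not nonce_is_valid(auth["nonce"], realm, now):
        return False
    expected = digest_response(auth["username"], realm, password, method, auth["uri"], auth["nonce"])
    return hmac.compare_digest(auth["response"].encode(), expected.encode())


def constructed_header(realm, password, nonce):
    """Constructed sample header for user 'alice' requesting GET /private/."""
    resp = digest_response("alice", realm, password, "GET", "/private/", nonce)
    return {"username": "alice", "uri": "/private/", "nonce": nonce, "response": resp}
```

With `verify_nonce=False` a correctly computed response is accepted whatever nonce it carries; with the check enabled, a nonce that fails the server's HMAC, belongs to another realm, or has expired is rejected before the response is compared.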


 

Copyright 2010, SecurityFocus