Apache mod_disk_cache Module Client Authentication Credential Storage Weakness

Apache's mod_disk_cache module is reported to be prone to a weakness that could result in an attacker gaining access to proxy or standard authentication credentials. The mod_disk_cache module is reported to store HTTP hop-by-hop headers including user login and password information in plaintext format on disk.

An attacker could use this issue in conjunction with other possible vulnerabilities in a host to gain access to user authentication credentials. Successful exploitation of this issue may lead to further attacks against vulnerable users of the affected host.

Apache versions 2.0.49 and prior with mod_disk_cache enabled are assumed to be affected by this issue.
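To check whether a cache directory has already captured credentials in the way described above, an administrator can audit it for stored credential headers. The following is an added example, not code from the advisory or from Apache: it assumes cached entries hold headers as plaintext `Name: value` lines, the sample files it writes are constructed, and the directory to scan is supplied by the operator.

```python
import os
import re
import sys
import tempfile

# Request headers that carry client credentials (the two the advisory concerns).
CRED_HEADER = re.compile(rb"^(Proxy-Authorization|Authorization):[ \t]*(\S+)",
                         re.IGNORECASE | re.MULTILINE)

def scan_file(path, max_bytes=1 << 20):
    """Return [(header_name, auth_scheme)] from the first max_bytes; never the secret."""
    with open(path, "rb") as fh:
        data = fh.read(max_bytes)
    return [(m.group(1).decode("ascii"), m.group(2).decode("ascii", "replace"))
            for m in CRED_HEADER.finditer(data)]

def scan_cache(root):
    """Walk a cache directory; map each file holding credential headers to its hits."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                hits = scan_file(path)
            except OSError:
                continue  # entry removed or unreadable while the cache is live
            if hits:
                findings[path] = hits
    return findings

def build_sample_cache(root):
    """Write constructed entries; this layout is assumed, not Apache's real format."""
    samples = {
        "a.header": b"Host: app.example\r\nAuthorization: Basic c2FtcGxlOnNhbXBsZQ==\r\n",
        "sub/b.header": b"Host: app.example\r\nProxy-Authorization: Basic c2FtcGxlOnNhbXBsZQ==\r\n",
        "c.header": b"Host: app.example\r\nAccept: text/html\r\n",
    }
    for rel, body in samples.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(body)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as demo:
        build_sample_cache(demo)  # scanned only when no directory is given
        root = sys.argv[1] if len(sys.argv) > 1 else demo
        for path, hits in sorted(scan_cache(root).items()):
            print(path, hits)
```

Any file it reports should be treated as containing live credentials: purge the entry and rotate the affected passwords.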

Copyright 2010, SecurityFocus