PT-2013-1683 · Elinks+3

Marko Myllynen · Published 2013-01-03 · Updated 2022-12-30 · CVE-2012-4545

CVSS v2.0: 5.1 (Medium)

Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

ELinks versions prior to 0.12pre6

Description

The issue concerns the delegation of user credentials through GSSAPI when using HTTP Negotiate or GSS-Negotiate authentication. This allows remote servers to authenticate as the client via the delegated credentials, potentially leading to unauthorized access.

Recommendations

For versions prior to 0.12pre6, update to version 0.12pre6 or later to resolve the issue. As a temporary workaround, consider disabling the use of HTTP Negotiate or GSS-Negotiate authentication until a patch is available. Restrict access to sensitive resources to minimize the risk of exploitation.

Fix

Improper Authentication

Weakness Enumeration

Related Identifiers

ALT-PU-2019-2699
ALT-PU-2020-3033
ALT-PU-2022-3440
CESA-2013_0250
CVE-2012-4545
DSA-2592-1
RHSA-2013:0250
RHSA-2013_0250

Affected Products

Alt Linux
Centos
Elinks
Red Hat