Marko Myllynen

**Name of the Vulnerable Software and Affected Versions** ELinks versions prior to 0.12pre6 **Description** The issue concerns the delegation of user credentials through GSSAPI when using HTTP Negotiate or GSS-Negotiate authentication. This allows remote servers to authenticate as the client via the delegated credentials, potentially leading to unauthorized access. **Recommendations** For versions prior to 0.12pre6, update to version 0.12pre6 or later to resolve the issue. As a temporary workaround, consider disabling the use of HTTP Negotiate or GSS-Negotiate authentication until a patch is available. Restrict access to sensitive resources to minimize the risk of exploitation.