PT-2013-1683 · Elinks+3

Marko Myllynen · Published 2013-01-03 · Updated 2022-12-30 · CVE-2012-4545

CVSS v2.0: 5.1 (Medium)

Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

ELinks versions prior to 0.12pre6

Description

The issue concerns the delegation of user credentials through GSSAPI when using HTTP Negotiate or GSS-Negotiate authentication. This allows remote servers to authenticate as the client via the delegated credentials, potentially leading to unauthorized access.

Recommendations

For versions prior to 0.12pre6, update to version 0.12pre6 or later to resolve the issue. As a temporary workaround, consider disabling the use of HTTP Negotiate or GSS-Negotiate authentication until a patch is available. Restrict access to sensitive resources to minimize the risk of exploitation.

Fix

Improper Authentication

Weakness Enumeration

Related Identifiers

ALT-PU-2019-2699
ALT-PU-2020-3033
ALT-PU-2022-3440
CESA-2013_0250
CVE-2012-4545
DSA-2592-1
RHSA-2013:0250
RHSA-2013_0250

Affected Products

ALT Linux
CentOS
Elinks
Red Hat