oss-sec mailing list archives
Re: darkhttpd: timing attack and local leak of HTTP basic auth credentials
From: Matthias Gerstner <mgerstner () suse de>
Date: Thu, 25 Jan 2024 11:33:33 +0100
On Tue, Jan 23, 2024 at 11:39:19AM +0100, Matthias Gerstner wrote:
I requested CVEs from Mitre for the two issues found during this review. They have not been assigned yet, though. I will give an update once I know them.
Mitre assigned the CVEs by now as follows:
Basic Auth Timing Attack ========================
CVE-2024-23771
Local Leak of Authentication Parameter in Process List ======================================================
CVE-2024-23770 Cheers Matthias
Attachment:
signature.asc
Description:
Current thread:
- darkhttpd: timing attack and local leak of HTTP basic auth credentials Matthias Gerstner (Jan 23)
- Re: darkhttpd: timing attack and local leak of HTTP basic auth credentials Hanno Böck (Jan 23)
- Re: darkhttpd: timing attack and local leak of HTTP basic auth credentials Johannes Segitz (Jan 24)
- Re: darkhttpd: timing attack and local leak of HTTP basic auth credentials nightmare . yeah27 (Jan 24)
- Re: Re: darkhttpd: timing attack and local leak of HTTP basic auth credentials Anton Luka Šijanec (Jan 24)
- Re: darkhttpd: timing attack and local leak of HTTP basic auth credentials Johannes Segitz (Jan 24)
- systemd and other system services (in)compatibility with Linux procfs hidepid (was: darkhttpd: timing attack and local leak of HTTP basic auth credentials) Solar Designer (Feb 02)
- Re: darkhttpd: timing attack and local leak of HTTP basic auth credentials Hanno Böck (Jan 23)
- Re: darkhttpd: timing attack and local leak of HTTP basic auth credentials Matthias Gerstner (Jan 25)