Bugtraq: Communicator 4.04 little bug

From: Kenobi <kenobi_at_PULHAS.ORG>
Date: Sun, 7 Dec 1997 18:34:30 +0000

hi!

i was testing some stuff with Digest Authentication and noticed this little
problem with Communicator 4.04 (Tested on Linux and NT). IE3.02 (the only
available around here) does not experience this problem.

Apparently Communicator does not support Digest Auth but it still accepts
the challenge. After the user enters his username and password, Communicator
sends it to the server but obfuscated with Basic.

Now, if you set up a site protected with Digest, you would expect the
password not to travel plaintext (basic is plaintext) on the network, but
that is what happens.

the correct procedure would be to fail right there when he receives the
WWW-Authenticate: Digest header, like IE does.

--
Kenobi, JAPH BOFH Not-Eng
http://www.pulhas.org/~kenobi/
kenobi_at_pulhas.org
 -- I dunno, I dream in Perl, sometimes -- LWall
Received on Dec 07 1997
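
Added example (not part of the original post): a server-side check for the behaviour reported above, which compares the scheme in the client's Authorization header with the schemes the server actually offered and flags a Basic reply to a Digest-only challenge. The function names, verdict strings and sample headers are constructed for illustration.

```python
import base64


def parse_authorization(header):
    """Split an Authorization header value into (scheme, credentials)."""
    scheme, _, rest = header.strip().partition(" ")
    return scheme.lower(), rest.strip()


def classify_response(offered_schemes, authorization):
    """Check a client's Authorization header against the offered schemes.

    Returns (verdict, exposed_user). verdict is 'ok' when the client used
    an offered scheme, 'basic_downgrade' when it answered with Basic
    although Basic was not offered, and 'rejected' otherwise.
    exposed_user names the account whose password crossed the network
    in recoverable form and should be treated as disclosed.
    """
    offered = {s.lower() for s in offered_schemes}
    scheme, creds = parse_authorization(authorization)
    if scheme in offered:
        return "ok", None
    if scheme != "basic":
        return "rejected", None
    try:
        # Basic is only base64 of "user:password", so anyone on the
        # path can reverse it exactly as this line does.
        decoded = base64.b64decode(creds, validate=True).decode("utf-8", "replace")
    except ValueError:
        return "rejected", None
    user, sep, _password = decoded.partition(":")
    if not sep:
        return "rejected", None
    return "basic_downgrade", user


# Constructed sample headers (not captured traffic).
BASIC_SAMPLE = "Basic " + base64.b64encode(b"alice:s3cret").decode("ascii")
DIGEST_SAMPLE = ('Digest username="alice", realm="test", nonce="abc123", '
                 'uri="/", response="0123456789abcdef0123456789abcdef"')

if __name__ == "__main__":
    for sample in (BASIC_SAMPLE, DIGEST_SAMPLE):
        print(classify_response(["Digest"], sample))
```

A server that sees 'basic_downgrade' should refuse the request without validating the credentials and mark that account's password for reset, since it has already been sent over the network.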