Credentials Management Errors

CVE-2011-2192

High

8.2/10

Summary

The "Curl_input_negotiate" function in "http_negotiate.c" in libcurl 7.10.6 through 7.21.6, as used in curl and other products, always performs credential delegation during GSSAPI authentication, which allows remote servers to impersonate clients via GSSAPI requests.

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: NONE
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: NONE
Confidentiality Impact: HIGH
Availability Impact: LOW

CWE-255 - Credentials Management Errors

Weaknesses in this category are related to the management of credentials.

References

Advisory
Release Note

Advisory Timeline

Published Jul 07, 2011

Credentials Management Errors

CVE-2011-2192

Summary

CWE-255 - Credentials Management Errors

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS