Credentials Management Errors

CVE-2016-8616

Severity Medium
Score 5.9/10

Summary

A flaw was found in curl versions 7.7 through 7.50.3. When re-using a connection, curl compared the user name and password against those of existing connections case-insensitively. This means that if an unused connection with proper credentials exists for a protocol that has connection-scoped credentials, an attacker can cause that connection to be reused if s/he knows the case-insensitive version of the correct password.
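
The comparison flaw described in the summary, shown as an added example that is not curl's own code: a simplified connection cache queried once with a case-insensitive credential comparison and once with an exact one. The struct, the function name find_reusable and the sample host and credentials are hypothetical and constructed for illustration.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>
#include <strings.h> /* strcasecmp (POSIX) */

/* Hypothetical, simplified cache entry; not curl's own structure. */
struct cached_conn { const char *host, *user, *passwd; bool in_use; };

typedef int (*str_cmp)(const char *, const char *);

/* Return index of an idle cached connection that may be reused, or -1.
   cred_cmp is the comparison applied to user name and password:
   strcasecmp reproduces the flawed behaviour, strcmp the exact match. */
static int find_reusable(const struct cached_conn *pool, size_t n,
                         const char *host, const char *user,
                         const char *passwd, str_cmp cred_cmp)
{
    for (size_t i = 0; i < n; i++) {
        if (pool[i].in_use)
            continue;
        /* Host names are case-insensitive, so ignoring case is right here. */
        if (strcasecmp(pool[i].host, host) != 0)
            continue;
        /* Credentials are not: they must match byte for byte. */
        if (cred_cmp(pool[i].user, user) == 0 &&
            cred_cmp(pool[i].passwd, passwd) == 0)
            return (int)i;
    }
    return -1;
}

/* Constructed sample: one idle, already authenticated connection. */
static const struct cached_conn sample_pool[] = {
    { "ftp.example.test", "alice", "S3cretPass", false },
};

int main(void)
{
    /* Second caller supplies the password in the wrong case. */
    int flawed = find_reusable(sample_pool, 1, "ftp.example.test",
                               "alice", "s3cretpass", strcasecmp);
    int exact = find_reusable(sample_pool, 1, "ftp.example.test",
                              "alice", "s3cretpass", strcmp);
    printf("case-insensitive: %d, exact: %d\n", flawed, exact);
    return 0;
}
```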

  • HIGH
  • NETWORK
  • HIGH
  • UNCHANGED
  • NONE
  • NONE
  • NONE
  • NONE

CWE-255 - Credentials Management Errors

Weaknesses in this category are related to the management of credentials.

Advisory Timeline

  • Published