Skip to main content

Insufficiently Protected Credentials

CVE-2022-27776

Severity Medium
Score 6.5/10

Summary

A insufficiently protected credentials vulnerability in curl might leak authentication or cookie header data on HTTP redirects to the same host but another port number. This issue affects versions 4.9 through 7.82.0.

  • LOW
  • NETWORK
  • NONE
  • UNCHANGED
  • REQUIRED
  • NONE
  • HIGH
  • NONE

CWE-522 - Insufficiently Protected Credentials

The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.

Advisory Timeline

  • Published