Skip to main content

Authentication Bypass by Primary Weakness


Severity High
Score 9.8/10


An authentication bypass vulnerability exists libcurl 7.22.0 through 7.88.1 in the connection reuse feature which can reuse previously established connections with incorrect user permissions due to a failure to check for changes in the "CURLOPT_GSSAPI_DELEGATION" option. This vulnerability affects "krb5/kerberos/negotiate/GSSAPI" transfers and could potentially result in unauthorized access to sensitive information. The safest option is to not reuse connections if the "CURLOPT_GSSAPI_DELEGATION" option has been changed.

  • LOW
  • HIGH
  • NONE
  • NONE
  • HIGH
  • HIGH

CWE-305 - Authentication Bypass by Primary Weakness

The authentication algorithm is sound, but the implemented mechanism can be bypassed as the result of a separate weakness that is primary to the authentication error.

Advisory Timeline

  • Published