On Thu, Jun 06, 2002 at 11:03:46AM +0530, Shanker Balan wrote: > Binand Raj S. wrote, > > Note that this one has a remotely exploitable vulnerability in it; > > Didnt notice Raju reporting that. Here is the bugtraq advisory. > > The browser sends the username/password pair to the proxy in clear > text. It does not get easier to exploit than this! ;)
This is a remotely exploitable vulnerability. Which means that an attacker can execute code with the privileges of the userid with which squid is running (squid.squid on my RHL 7.2 proxy). Binand _______________________________________________________________ Don't miss the 2002 Sprint PCS Application Developer's Conference August 25-28 in Las Vegas -- http://devcon.sprintpcs.com/adp/index.cfm _______________________________________________ linux-india-help mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/linux-india-help
