[Webappsec] [WEB SECURITY] IE 7 and Firefox Browsers Digest Authentication Request Splitting
Andy Steingruebl
steingra at gmail.com
Wed Apr 25 23:21:35 EDT 2007
Sorry, my original response completely missed the point of your piece.
Apologies.
- Andy
On 4/25/07, Stefano Di Paola <stefano.dipaola at wisec.it> wrote:
> Hi Andy,
>
> The web page running Digest authentication is an evil page.
> The attacker controls the page that sends the 401 response.
>
> Then, in the presence of a proxy, the split is satisfied and accomplished.
>
> On Wed, 25/04/2007 at 14.12 -0700, Andy Steingruebl wrote:
> > Now all you have to do is find a site running HTTP digest
> > authentication. Care to speculate on the count of those?
> >
> --
> ...oOOo...oOOo....
> Stefano Di Paola
> Software & Security Engineer
>
> Web: www.wisec.it
> ..................
>
>
--
Andy Steingruebl
steingra at gmail.com