
Bug#230999: [CAN-2003-0987] mod_digest for Apache does not properly verify the nonce of a client response by using a AuthNonce secret.



On Tue, Feb 03, 2004 at 10:37:33PM +0100, J.H.M. Dassen (Ray) wrote:

> Package: apache
> Version: 1.3.29.0.1-5
> Severity: grave
> Tags: security patch
> 
> Candidate: CAN-2003-0987
> URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0987
> Phase: Assigned (20031216)
> Category: SF
> Reference:
> CONFIRM:http://www.mail-archive.com/dev@httpd.apache.org/msg19007.html
> Reference:
> CONFIRM:http://www.mail-archive.com/dev@httpd.apache.org/msg19014.html
> 
> mod_digest for Apache does not properly verify the nonce of a client
> response by using a AuthNonce secret.
> 
> 
> Current Votes:
> None (candidate not yet proposed)

Can anyone explain the true impact of this bug?  The fix looks rather
intrusive.

-- 
 - mdz


