Loading...

XML

Word

Printable

Type: Bug
Resolution: Done
Priority: Major
Fix Version/s: 1.3.0.Final
Affects Version/s: 1.2.4.Final
Component/s: None
Labels:
None

Git Pull Request:
https://github.com/modcluster/mod_cluster/pull/58, https://github.com/modcluster/mod_cluster/pull/18

As wireshark hints, the message digest is always included in the message even if the advertise security key is not configured.

This would not be such a problem if the salt actually used wouldn't be random bits from the memory.

This renders the digest completely useless since it can never be verified.

blocks

MODCLUSTER-337 If HTTPd sends a digest, require digest matching

Resolved

Assignee:: Radoslav Husar

Reporter:: Radoslav Husar

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Created:: 2013/05/15 12:52 PM

Updated:: 2020/09/14 5:18 AM

Resolved:: 2014/01/29 11:33 AM