curl / Docs / Security / Proxy Authentication Header Information Leakage

Proxy Authentication Header Information Leakage

Proxy Authentication Header Information Leakage

Date:August 3, 2003
IDBID 8432
Affected versions7.1 to and including 7.10.6
Not affected versions7.10.7 and later

When curl connected to a site via an HTTP proxy with the CONNECT request, the user and password used for the proxy connection was also sent off to the remote server.