cURL / Mailing Lists / curl-library / Single Mail


RE: Bug with NTLM implementation

From: Yehezkel Horowitz <>
Date: Tue, 7 Jan 2014 10:16:45 +0000

> If a connection is established to a server and authenticated via NTLM,
> and one changes the CURLOPT_USERNAME or CURLOPT_PASSWORD, keeping the
> URL the same, libcurl re-uses the older authenticated connection,
> effectively ignoring the new user.

Isn't this a security issue (which we should announce and report)?

Yehezkel Horowitz

List admin:
Received on 2014-01-07