cURL / Mailing Lists / curl-library / Single Mail

curl-library

RE: Bug with NTLM implementation

From: Yehezkel Horowitz <horowity_at_checkpoint.com>
Date: Tue, 7 Jan 2014 10:16:45 +0000

> If a connection is established to a server and authenticated via NTLM,
> and one changes the CURLOPT_USERNAME or CURLOPT_PASSWORD, keeping the
> URL the same, libcurl re-uses the older authenticated connection,
> effectively ignoring the new user.

Isn't this a security issue (which we should announce and report)?

Yehezkel Horowitz

-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette: http://curl.haxx.se/mail/etiquette.html
Received on 2014-01-07