Frédéric Bourgeois Rennes

Squid - and Digest Authentication -

Squid
Bug Hunter's Diary:

I'm happy to announce that this release fixes several critical bugs about Digest authentication.
Well, I can go cure my headache now ...

* Regression Bug #4176: Digest auth too many helper lookups Squid 3.5.2

It was found that the Digest authentication helper was being called to validate credentials on every client request regardless of an appropriate TTL or nonce re-use counter being available.
This release decreases CPU usage and improves latency of client traffic on all installations using Digest authentication.

* Bug #4066: Digest auth nonce indefinite rollover Squid 3.4.12/3.5.2

This bug prevented the backend authentication system being contacted to re-verify user credentials after their TTL has expired, making it near impossible to kick off an active user by closing their account or changing password.

Please note that while this does have a security impact it is NOT being considered for an advisory with CVE rating since the user has to properly authenticate before they can abuse this.

A big Thank You to Frederic Bourgeois for tracking this one down.

From: Amos Jeffries [squid-announce]

All users of Squid are encouraged to upgrade to this release as soon as
possible.

Written by FredB on 25/02/2015 @ 10:39
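The two caching failures described in the announcement above, as a simplified Python model. This is an added example, not Squid's code and not part of the original post. The `Backend`, `ProxyCache` and `simulate` names, the 300-second TTL and the request timeline are assumptions made for illustration, and nonce handling is reduced to a timestamp on the cached credentials.

```python
from dataclasses import dataclass, field

@dataclass
class Backend:
    """Constructed stand-in for the Digest helper: user -> HA1, counts lookups."""
    accounts: dict
    lookups: int = 0

    def fetch_ha1(self, user):
        self.lookups += 1
        return self.accounts.get(user)  # None once the account is closed

@dataclass
class ProxyCache:
    backend: Backend
    ttl: int      # seconds that cached credentials stay trusted
    policy: str   # "every_request" | "never_recheck" | "ttl"
    cache: dict = field(default_factory=dict)  # user -> (ha1, fetched_at)

    def authorize(self, user, presented_ha1, now):
        entry = self.cache.get(user)
        if self.policy == "every_request":    # Bug #4176 as described: helper hit on every request
            need_lookup = True
        elif self.policy == "never_recheck":  # Bug #4066 as described: no re-verify after TTL expiry
            need_lookup = entry is None
        else:                                 # intended: re-verify only once the TTL has run out
            need_lookup = entry is None or now - entry[1] >= self.ttl
        if need_lookup:
            ha1 = self.backend.fetch_ha1(user)
            if ha1 is None:                   # account closed: drop cached credentials, deny
                self.cache.pop(user, None)
                return False
            entry = self.cache[user] = (ha1, now)
        return entry[0] == presented_ha1

def simulate(policy, ttl=300, revoke_at=700, step=100, end=1000):
    """One client sends a request every `step` seconds; the account is closed at `revoke_at`.
    Returns (helper lookups, time of the last request that was still allowed)."""
    backend = Backend({"alice": "ha1-alice"})  # constructed sample account
    proxy = ProxyCache(backend, ttl, policy)
    last_ok = None
    for now in range(0, end + 1, step):
        if now == revoke_at:
            backend.accounts.pop("alice")
        if proxy.authorize("alice", "ha1-alice", now):
            last_ok = now
    return backend.lookups, last_ok
```

In this model the revoked account keeps working until the end of the run under the `never_recheck` policy, while the `ttl` policy cuts it off within one TTL of the last successful re-verification and still needs fewer helper lookups than `every_request`.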
