Monday, March 11, 2013

More Proxy Authentication Fun!

As an update to my post about stealing credentials via proxy authentication requests, it looks like Chris John Riley has found that Privoxy not only still allows this (I last tested around 2007 with the Tor bundle), but will even pass actual proxy credentials in plain text if you're using an authenticated proxy. Ouch!

Privoxy Proxy Authentication Credential Exposure – CVE-2013-2503