ush.it - a beautiful place

IE 7 and Firefox Digest Authentication Request Splitting

April 25, 2007 at 4:50 pm - Filed under Insecurity, Language EN - 204 words, reading time ~0 minutes - Permalink - Comments

Stefano `wisec` Di Paola has just released a new advisory IE 7 and Firefox Browsers Digest Authentication Request Splitting, basically using the user field an attacker is able to split the request injecting arbitrary chars.

THP USH Wisec DigitalBullets