First published: Mon Dec 09 2024(Updated: )
When asked to both use a .netrc file for credentials and to follow HTTP redirects, curl could leak the password used for the first host to the followed-to host under certain circumstances. This flaw only manifests itself if the netrc file matches the redirect target hostname, but the entry omits password or both login & password. A curl transfer with `a.com` that redirects to `b.com` that uses a `.netrc` like below (with a match, but no password specified for the second host), would make curl pass on `alicespassword` as password even in the second transfer to the separate host `b.com`. ~~~ machine a.com login alice password alicespassword default login bob ~~~
Affected Software | Affected Version | How to fix |
---|---|---|
Curl |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The severity of REDHAT-BUG-2331191 is categorized as moderate.
To fix REDHAT-BUG-2331191, update to the latest version of curl that includes the security patch addressing this vulnerability.
Users of curl who utilize a .netrc file for credentials and follow HTTP redirects may be affected by REDHAT-BUG-2331191.
REDHAT-BUG-2331191 occurs when curl is directed to follow an HTTP redirect while using a .netrc file, leading to potential leakage of credentials.
Yes, REDHAT-BUG-2331191 can be exploited remotely if the conditions involving URL redirection and .netrc file usage are met.