Skip to content
Commit db9f87f6 authored by Daniel Stenberg's avatar Daniel Stenberg
Browse files

When proxy authentication is used in a CONNECT request (as used for all SSL

connects and otherwise enforced tunnel-thru-proxy requests), the same
authentication header is also wrongly sent to the remote host.

The name and password can then be captured by an evil host and possibly get
used for malicious purposes.
parent 3270ea55
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment