Vigil@nce - Apache HttpComponents HttpClient: obtaining proxy password
March 2011 by Vigil@nce
This bulletin was written by Vigil@nce: http://vigilance.fr/
SYNTHESIS OF THE VULNERABILITY
When HttpClient connects through a proxy that requires authentication,
the proxy login and password are sent to the remote server.
Severity: 2/4
Creation date: 21/03/2011
IMPACTED PRODUCTS
– Apache HttpComponents HttpClient
DESCRIPTION OF THE VULNERABILITY
The Apache HttpComponents HttpClient product implements the HTTP
protocol.
An HTTP authentication uses:
– the Authorization header to authenticate on a remote server
– the Proxy-Authorization header to authenticate on the
intermediate proxy
When SSL (https) is used, the Proxy-Authorization header is sent on
the request that asks the proxy to open a tunnel to the remote server.
However, HttpClient also adds the Proxy-Authorization header to the
HTTP requests sent inside the SSL tunnel. The remote server thus
receives the proxy login and password.
When HttpClient connects through a proxy that requires authentication,
the proxy login and password are therefore sent to the remote server.
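The leak described above can be checked for on the origin side. The following Python is an added example, not code from the Vigil@nce bulletin or from the HttpClient project: it parses a constructed sample request (made-up credential, hypothetical function names) as an origin server would see it inside the tunnel, flags any Proxy-Authorization header that reached the origin, and shows the stripping a correct client performs before sending a request through the tunnel.

```python
import base64

# Constructed sample of a request as the origin server receives it inside the
# HTTPS tunnel; the Proxy-Authorization line is the leak this bulletin describes
# and its credential is a made-up example value.
SAMPLE_REQUEST = (
    "GET /index.html HTTP/1.1\r\n"
    "Host: www.example.com\r\n"
    "Proxy-Authorization: Basic cHJveHl1c2VyOnMzY3IzdA==\r\n"
    "User-Agent: Apache-HttpClient\r\n"
    "\r\n"
)

def parse_request(raw):
    """Split a raw HTTP/1.1 request into (request line, [(name, value)], body)."""
    head, _, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    headers = []
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers.append((name.strip().lower(), value.strip()))
    return lines[0], headers, body

def find_leaked_proxy_credentials(raw):
    """Report Proxy-Authorization headers that reached the origin server.
    Only the scheme and (for Basic) the user name are returned, never the password."""
    _, headers, _ = parse_request(raw)
    findings = []
    for name, value in headers:
        if name != "proxy-authorization":
            continue
        scheme, _, param = value.partition(" ")
        username = None
        if scheme.lower() == "basic":
            try:
                decoded = base64.b64decode(param, validate=True).decode("utf-8")
                username = decoded.split(":", 1)[0]
            except (ValueError, UnicodeDecodeError):
                pass  # malformed credential: still reported, user name unknown
        findings.append({"scheme": scheme, "username": username})
    return findings

def strip_proxy_authorization(raw):
    """Client-side fix: drop the proxy credential before the request enters the tunnel."""
    head, sep, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    kept = [lines[0]] + [l for l in lines[1:]
                         if not l.lower().startswith("proxy-authorization:")]
    return "\r\n".join(kept) + sep + body
```

A non-empty result from find_leaked_proxy_credentials on traffic logged at an origin server is a sign that some client in the path is affected and that the proxy password should be rotated.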
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/Apache-HttpComponents-HttpClient-obtaining-proxy-password-10465