登录查看更多内容

Curl Vulnerability Let Attackers Access Sensitive Information

Cyber Security News ?

#1 World's Most Followed Cyber Security News Platform

发布日期: 2024年12月16日

A critical security flaw has been discovered in the popular data transfer tool Curl, potentially allowing attackers to access sensitive information.

The vulnerability, identified as CVE-2024-11053, affects curl versions 6.5 through 8.11.0 and could lead to the exposure of passwords to unauthorized parties.

The security issue arises when curl is configured to use both a .netrc file for credentials and follow HTTP redirects. Under specific circumstances, curl could leak the password used for the initial host to the redirected host. This vulnerability occurs when:

The .netrc file contains an entry matching the redirect target hostname
The entry either omits the password or both the login and password

For example, if a curl transfer to a.tld redirects to b.tld, and the .netrc file has an entry for b.tld without a password, curl would erroneously pass the password from a.tld to b.tld.

Cyber Security News

291,687 位关注者

Victor Appiah-Nkwantabisa CISA

CISA | Security +| Network +l CISM| AWS

3 个月

Insightful

Ashwini Nagabooshanam

Research Scholar

3 个月

"Timely disclosure and clear mitigation steps by the Curl team demonstrate excellent handling of this vulnerability—commendable work!"

1 次回应

MARK Lodge

3 个月

???????

hadijah Abdullah

--Network Engineering/Administration

3 个月

Very informative and Insightful

1 次回应

查看更多评论

要查看或添加评论，请登录

Cyber Security News ?的更多文章

See all articles

Curl Vulnerability Let Attackers Access Sensitive Information

Cyber Security News ?

#1 World's Most Followed Cyber Security News Platform

Cyber Security News

291,687 位关注者

Cyber Security News ?的更多文章

社区洞察

其他会员也浏览了

The Vulnerability Hype Cycle

New WinRAR Vulnerability Could Allow Hackers to Take Control of Your PC

Fortinet Warns of Active Exploitation of Newly Discovered Critical Auth Bypass Bug

SSL Certificate Visibility: 6 Things You Need to Know

Stay Cyber-Savvy with the Bits & Bytes Newsletter

The roadmap towards protecting high value student data: a mini-series.

10 Malicious NPM Packages Exposed by Xygeni

How to define entry points to solution: Building Threat Models and Attack Trees

Zero-Trust

A thought about the essence of vulnerability

Cyber Security News

291,687 位关注者

Cyber Security News ?的更多文章

SOC Solutions: Go In-House, Augment, or Outsource?

The Ultimate MDR Buyer's Guide: A Vendor-Agnostic Guide to Selecting the Right 24/7 Provider

Cybersecurity Weekly Recap: Key Updates on Attacks, Vulnerabilities, & Data Breaches

The Managed SIEM Pricing 2025: The Guide for Best Cost and Value

As an SOC/DFIR Team Member, How to Analyse Real-Time Linux Malware Network Traffic

Free Webinar! - Mastering in API Security in 2025

Free SOC Webinar - Better SOC with Interactive Malware Sandbox, Practical Use Cases 2025

Free SOC Webinar - Better SOC with Interactive Malware Sandbox, Practical Use Cases 2025

Cybersecurity Weekly Recap: Latest on Attacks, Vulnerabilities, & Data Breaches

Security Researchers Now Analyse Any URL With ANY.RUN Safebrowsing Tool for Free

社区洞察

其他会员也浏览了

The Vulnerability Hype Cycle

New WinRAR Vulnerability Could Allow Hackers to Take Control of Your PC

Fortinet Warns of Active Exploitation of Newly Discovered Critical Auth Bypass Bug

SSL Certificate Visibility: 6 Things You Need to Know

Stay Cyber-Savvy with the Bits & Bytes Newsletter

The roadmap towards protecting high value student data: a mini-series.

10 Malicious NPM Packages Exposed by Xygeni

How to define entry points to solution: Building Threat Models and Attack Trees

Zero-Trust

A thought about the essence of vulnerability