CVE-2005-2395

Published: Jul 27, 2005

Modified: Aug 7, 2024

PUBLISHED

Description

Mozilla Firefox 1.0.4 and 1.0.5 does not choose the challenge with the strongest authentication scheme available as required by RFC2617, which might cause credentials to be sent in plaintext even if an encrypted channel is available.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

19002

vdb-entry

x_refsource_OSVDB

https://bugzilla.mozilla.org/show_bug.cgi?id=281851

x_refsource_MISC

third-party-advisory

x_refsource_SREASON

20050719 Mozilla cleartext credentials leak bug report to excuse myself (Re[2]: NTLM HTTP Authentication is insecure by design - a new writeup by Amit Klein)

mailing-list

x_refsource_BUGTRAQ

http://www.securiteam.com/securitynews/5PP0L00GUQ.html

x_refsource_MISC

mozilla-authentication-weakness(22272)

vdb-entry

x_refsource_XF

14325

vdb-entry

x_refsource_BID

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2005-2395

Description

Affected Products

References