Description
A flaw was found in Libsoup. The server-side digest authentication implementation in the SoupAuthDomainDigest class does not properly track issued nonces or enforce the required incrementing nonce-count (nc) attribute. This vulnerability allows a remote attacker to capture a single valid authentication header and replay it repeatedly. Consequently, the attacker can bypass authentication and gain unauthorized access to protected resources, impersonating the legitimate user.
| Release | Status | Note |
|---|---|---|
| devel | deferred | 2026-03-11 |
| esm-infra/bionic | deferred | 2026-03-11 |
| esm-infra/focal | deferred | 2026-03-11 |
| esm-infra/xenial | deferred | 2026-03-11 |
| jammy | deferred | 2026-03-11 |
| noble | deferred | 2026-03-11 |
| questing | deferred | 2026-03-11 |
| upstream | needs-triage | |

| Release | Status | Note |
|---|---|---|
| devel | deferred | 2026-03-11 |
| esm-apps/jammy | deferred | 2026-03-11 |
| jammy | deferred | 2026-03-11 |
| noble | deferred | 2026-03-11 |
| questing | deferred | 2026-03-11 |
| upstream | needs-triage | |
Source links
EPSS
CVSS3: 5.8 Medium
Related vulnerabilities
Libsoup: libsoup: authentication bypass via digest authentication replay attack
A flaw was found in Libsoup. The server-side digest authentication imp ...