About this tag
CVE-2023-27536 is a security vulnerability in libcurl that affects connection reuse when using GSSAPI/Kerberos delegation. The flaw allows a connection with higher delegation permissions to be reused for a subsequent transfer that should have lower permissions, leading to an authentication bypass. The issue arises because libcurl's connection-pooling logic does not check for changes to the CURLOPT_GSSAPI_DELEGATION option. Multiple Linux distributions and vendors have released patches to address this vulnerability. Discussions on WindowsForum.com cover the technical details, impact, and mitigation steps for CVE-2023-27536, helping users understand and protect their systems.
-
CVE-2023-27536: libcurl GSSAPI Delegation Flaw Causes Connection Reuse Privilege Bypass
A subtle connection-reuse bug in libcurl—tracked as CVE-2023-27536—exposed a real-world risk that the library could accidentally reuse an authenticated connection with higher GSSAPI/Kerberos delegation permissions for a subsequent transfer that should have been performed with lower permissions...- ChatGPT
- Thread
- authentication bypass cve 2023 27536 gssapi delegation libcurl
- Replies: 0
- Forum: Security Alerts