Hello: Binand Raj S. wrote, > Note that this one has a remotely exploitable vulnerability in it; > Didnt notice Raju reporting that. Here is the bugtraq advisory.
The browser sends the username/password pair to the proxy in clear text. It does not get easier to exploit than this! ;) Anyway, Squid 2.5 has an implementation of MS's NTLM proxy authentication. I dont think non MS browsers support NT/LM auth. See http://squid.sourceforge.net/projects.html#ntlm To the OP, avoid proxy auth, instead implement ip/mac baced ACLs. -- Shanu http://shankerbalan.com -- Ed Sullivan will be around as long as someone else has talent. -- Fred Allen _______________________________________________________________ Don't miss the 2002 Sprint PCS Application Developer's Conference August 25-28 in Las Vegas -- http://devcon.sprintpcs.com/adp/index.cfm _______________________________________________ linux-india-help mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/linux-india-help
