subject:"Bug#230999\: \[CAN\-2003\-0987\] mod_digest for Apache does not properly verify the nonce of a client response by using a AuthNonce secret."

Bug#230999: [CAN-2003-0987] mod_digest for Apache does not properly verify the nonce of a client response by using a AuthNonce secret.

2004-02-04 Thread Matt Zimmerman

On Tue, Feb 03, 2004 at 10:37:33PM +0100, J.H.M. Dassen (Ray) wrote: Package: apache Version: 1.3.29.0.1-5 Severity: grave Tags: security patch Candidate: CAN-2003-0987 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0987 Phase: Assigned (20031216) Category: SF Reference:

Bug#230999: [CAN-2003-0987] mod_digest for Apache does not properly verify the nonce of a client response by using a AuthNonce secret.

2004-02-04 Thread J.H.M. Dassen (Ray)

On Tue, Feb 03, 2004 at 14:05:25 -0800, Matt Zimmerman wrote: mod_digest for Apache does not properly verify the nonce of a client response by using a AuthNonce secret. Can anyone explain the true impact of this bug? I'm not sure, but this is my best guess/interpretation from googling