cURL -- inappropriate GSSAPI delegation

2011-06-23T00:00:00
ID 9AECB94C-C1AD-11E3-A5AC-001B21614864
Type freebsd
Reporter FreeBSD
Modified 2014-04-30T00:00:00

Description

cURL reports:

When doing GSSAPI authentication, libcurl unconditionally performs credential delegation. This hands the server a copy of the client's security credentials, allowing the server to impersonate the client to any other using the same GSSAPI mechanism.