cURL -- inappropriate GSSAPI delegation

ID 9AECB94C-C1AD-11E3-A5AC-001B21614864
Type freebsd
Reporter FreeBSD
Modified 2014-04-30T00:00:00


cURL reports:

When doing GSSAPI authentication, libcurl unconditionally performs credential delegation. This hands the server a copy of the client's security credentials, allowing the server to impersonate the client to any other using the same GSSAPI mechanism.