privoxy -- malicious server spoofing as proxy vulnerability

ID AD82B0E9-C3D6-11E5-B5FE-002590263BF5
Type freebsd
Reporter FreeBSD
Modified 2013-03-07T00:00:00


Privoxy Developers reports:

Proxy authentication headers are removed unless the new directive enable-proxy-authentication-forwarding is used. Forwarding the headers potentially allows malicious sites to trick the user into providing them with login information. Reported by Chris John Riley.