Browser responds to proxy auth request from non-proxy server (ssl/https) — Mozilla

If a proxy is configured the browser would respond to a 407 proxy auth request from any SSL-connected server rather than only responding to the configured proxy server. This could leak NTLM or SPNEGO credentials outside the organization...

Apache mod_disk_cache stores client authentication credentials on disk

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Summary: ======== moddiskcache stores all client authentication credentials for cached objects on disk. This means proxy authentication credentials as well as in certain RFC2616 defined cases standard authentication credentials. In case of Basic...