3proxy user account locking

2007-02-08T00:00:00
ID SECURITYVULNS:VULN:7199
Type securityvulns
Reporter SECURITYVULNS
Modified 2007-02-08T00:00:00

Description

It's possible to lock user's account if user's password is stored as NT-hash via HTTP proxy. Service restart or configuration reload is required to restore account in working state. In addition, Basic authentication is offered as first authentication protocol, it can lead to shoosing weak (cleartext) authentication protocol even if stronger one (NTLM) supported. Vulnerability is fixed in 0.5.3 version.