Authentication Flaw in Curl Affects Multiple Versions
CVE-2016-8616
3.7 LOW
What is CVE-2016-8616?
A vulnerability exists in versions of curl prior to 7.51.0, where usernames and passwords are compared case-insensitively when reusing connections. This flaw allows an attacker who knows a case-insensitive variation of the correct password to potentially exploit an existing connection that was established with valid credentials. If an unused connection with proper credentials exists for a protocol that uses connection-scoped credentials, an unauthorized user could gain access by reusing this connection without properly authenticating.
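The connection-reuse check described above, sketched as an added example (this is not curl's source code): a case-insensitive credential match beside a byte-exact one. The struct, function names, host name and credentials are hypothetical and constructed for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical cached-connection record; names are illustrative, not curl's. */
struct cached_conn { const char *host, *user, *passwd; };

/* Case-insensitive equality: acceptable for host names, wrong for secrets. */
static int ci_equal(const char *a, const char *b)
{
    for (; *a && *b; a++, b++)
        if (tolower((unsigned char)*a) != tolower((unsigned char)*b))
            return 0;
    return *a == *b;
}

/* Flawed check: user name and password compared without regard to case. */
static int creds_match_flawed(const struct cached_conn *c, const char *u, const char *p)
{
    return ci_equal(c->user, u) && ci_equal(c->passwd, p);
}

/* Corrected check: credentials must match byte for byte. */
static int creds_match_exact(const struct cached_conn *c, const char *u, const char *p)
{
    return strcmp(c->user, u) == 0 && strcmp(c->passwd, p) == 0;
}

typedef int (*creds_fn)(const struct cached_conn *, const char *, const char *);
/* Index of an idle connection reusable for host/u/p, or -1 to force a new login. */
static int find_reusable(const struct cached_conn *pool, size_t n, const char *host,
                         const char *u, const char *p, creds_fn match)
{
    for (size_t i = 0; i < n; i++)
        if (ci_equal(pool[i].host, host) && match(&pool[i], u, p))
            return (int)i;
    return -1;
}

/* Constructed sample: one idle connection already authenticated as alice. */
static const struct cached_conn POOL[] = { { "ftp.example.test", "alice", "S3cret-Pass" } };

int main(void)
{
    const char *h = "FTP.example.test", *u = "alice", *wrong = "s3cret-pass";
    printf("flawed=%d exact=%d\n", find_reusable(POOL, 1, h, u, wrong, creds_match_flawed),
           find_reusable(POOL, 1, h, u, wrong, creds_match_exact));
    return 0;
}
```

With the flawed matcher the request carrying the wrong-case password is handed the already-authenticated connection; with the exact matcher no cached connection qualifies and a fresh login is required.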
Affected Version(s)
curl 7.51.0