curl Leak of Password in HTTP Redirects
CVE-2024-11053

3.4 LOW

Key Information:

Vendor

Curl

Status
Vendor
CVE Published:
11 December 2024

What is CVE-2024-11053?

CVE-2024-11053 is a vulnerability in curl, a widely used tool for transferring data with URLs. It concerns how curl handles credentials when it follows HTTP redirects while using a .netrc file for authentication. Under the conditions described below, the password used for the initial request can be leaked to the host that the request is redirected to. Organizations that use curl for data transfer and keep credentials in a .netrc file may be affected, with a risk of exposing potentially critical login information.

Technical Details

The vulnerability occurs only when curl is instructed to authenticate using a .netrc file and also to follow HTTP redirects. The problem arises when an entry in the .netrc file matches the hostname to which the request is redirected, but that entry omits the password, or omits both the login and the password. In these cases curl could inadvertently send the password from the initial request to the target of the redirect, posing a risk of credential leakage if an attacker can manipulate the redirect or possesses knowledge of the initial credentials.
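
An added example, not part of the advisory or of curl: a Python check that lists the .netrc entries matching the condition described above (a host entry with no password, or with neither login nor password). The sample file, host names and function names are constructed for illustration, and the tokenizer is simplified (whitespace-separated tokens, no quote handling).

```python
# Added example: flag .netrc entries shaped like the ones the advisory describes.
KEYWORDS = {"machine", "default", "macdef", "login", "password", "account"}

# Constructed sample file; hosts and credentials are placeholders.
SAMPLE = """\
# constructed sample
machine a.example login alice password s3cret
machine b.example login bob
machine c.example
macdef init
machine fake.example

machine d.example
  login dave
  password pw
default login anonymous
"""

def parse_netrc(text):
    """Return {host: {field: value}} for each 'machine' entry.
    Simplified tokenizer: whitespace-separated, no quote handling."""
    entries, current, key, in_macro = {}, None, None, False
    for line in text.splitlines():
        if in_macro:                      # macro body runs to the next blank line
            in_macro = bool(line.strip())
            continue
        if line.lstrip().startswith("#"):
            continue
        for tok in line.split():
            if key == "machine":
                current, key = entries.setdefault(tok, {}), None
            elif key == "macdef":
                in_macro, key = True, None
                break
            elif key is not None:         # value for login/password/account
                if current is not None:
                    current[key] = tok
                key = None
            elif tok == "default":
                current = {}              # not a hostname match; not reported
            elif tok in KEYWORDS:
                key = tok
    return entries

def risky_entries(entries):
    """Hosts whose entry has no password, or neither login nor password."""
    return {host: ("no password" if "login" in f else "no login or password")
            for host, f in entries.items() if "password" not in f}

if __name__ == "__main__":
    for host, why in risky_entries(parse_netrc(SAMPLE)).items():
        print(f"{host}: {why}")
```

Entries reported here are the ones to complete with their own credentials or remove before curl is run with .netrc authentication and redirect following.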

Potential Impact of CVE-2024-11053

  1. Credential Exposure: If the vulnerability is exploited, sensitive passwords used in initial connections could be exposed to malicious actors, especially if they control the redirect destination or intercept the communication.

  2. Unauthorized Access: The leaking of passwords could enable unauthorized users to gain access to sensitive systems, data, or services, leading to potential data breaches and compromise of confidential information.

  3. Increased Attack Surface: As organizations often utilize curl in automated scripts and configurations, the presence of this vulnerability increases the attack surface, making systems more vulnerable to breaches and exploitation through external redirects.

Affected Version(s)

curl 8.11.0

curl 8.10.1

curl 8.10.0

CVSS V3.1

Score: 3.4
Severity: LOW
Confidentiality: Low
Integrity: None
Availability: Low
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: Required
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Harry Sintonen
Daniel Stenberg