Mozilla Firefox 1.0.4 and 1.0.5 does not choose the challenge with the strongest authentication scheme available as required by RFC2617, which might cause credentials to be sent in plaintext even if an encrypted channel is available.
References
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2005-07-27T04:00:00
Updated: 2017-07-10T14:57:01
Reserved: 2005-07-27T00:00:00
Link: CVE-2005-2395
JSON object: View
NVD Information
Status : Modified
Published: 2005-07-27T04:00:00.000
Modified: 2017-07-11T01:32:48.923
Link: CVE-2005-2395
JSON object: View
Redhat Information
No data.
CWE