Web browsers and operating systems that make an HTTPS request via a proxy server are vulnerable to man-in-the-middle (MITM) attacks against HTTP CONNECT requests and proxy response messages. HTTP CONNECT requests are sent in clear text over HTTP, so an attacker in a position to modify proxy traffic may force the use of 407 Proxy Authentication Required responses to phish for credentials.
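The following Python example is added here and is not part of the original vulnerability note. It triages a proxy's reply to a cleartext CONNECT request the way a client or network monitor could, flagging 407 challenges that nothing authenticates. The function names and the sample replies are constructed for illustration.

```python
# Added example: sample replies below are constructed for illustration.
SAMPLE_OK = b"HTTP/1.1 200 Connection established\r\n\r\n"
SAMPLE_407 = (b"HTTP/1.1 407 Proxy Authentication Required\r\n"
              b'Proxy-Authenticate: Basic realm="proxy"\r\n'
              b"Content-Type: text/html\r\n\r\n"
              b"<html>Sign in again</html>")


def parse_connect_reply(raw: bytes) -> dict:
    """Split a raw proxy reply into status code, headers and body."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("iso-8859-1").split("\r\n")
    parts = lines[0].split(" ", 2)
    if len(parts) < 2 or not parts[0].startswith("HTTP/") or not parts[1].isdigit():
        raise ValueError("not an HTTP status line: %r" % lines[0])
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:  # names are case-insensitive; repeated headers are kept
            headers.setdefault(name.strip().lower(), []).append(value.strip())
    return {"status": int(parts[1]), "headers": headers, "body": body}


def triage_connect_reply(raw: bytes) -> list:
    """Return findings for a CONNECT reply that arrived over plain HTTP."""
    reply = parse_connect_reply(raw)
    if reply["status"] != 407:
        return []
    # Nothing authenticates this reply, so anyone able to modify proxy
    # traffic could have produced it.
    findings = ["407 received in clear text; challenge origin is unverified"]
    challenges = reply["headers"].get("proxy-authenticate", [])
    schemes = [c.split(" ", 1)[0].lower() for c in challenges if c]
    if not schemes:
        findings.append("407 without a Proxy-Authenticate challenge")
    if "basic" in schemes:
        findings.append("Basic requested; credentials would be base64-encoded, not encrypted")
    ctype = " ".join(reply["headers"].get("content-type", [])).lower()
    if reply["body"] and "html" in ctype:
        findings.append("HTML body in an unauthenticated reply; treat as untrusted")
    return findings


if __name__ == "__main__":
    for sample in (SAMPLE_OK, SAMPLE_407):
        print(triage_connect_reply(sample))
```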
Apply an update
Avoid untrusted networks
Arista Networks, Inc.
DragonFly BSD Project
F5 Networks, Inc.
Hewlett Packard Enterprise
QNX Software Systems Inc.
Red Hat, Inc.
Slackware Linux Inc.
Thanks to Jerry Decime for reporting these vulnerabilities.
This document was written by Joel Land.
Date First Published: 2016-08-15
Date Last Updated: 2018-04-04 18:12 UTC