A flaw was found in Libsoup. The server-side digest authentication implementation in the SoupAuthDomainDigest class does not properly track…
redhat·CWE-323·Published 2026-03-12
A flaw was found in Libsoup. The server-side digest authentication implementation in the SoupAuthDomainDigest class does not properly track issued nonces or enforce the required incrementing nonce-count (nc) attribute. This vulnerability allows a remote attacker to capture a single valid authentication header and replay it repeatedly. Consequently, the attacker can bypass authentication and gain unauthorized access to protected resources, impersonating the legitimate user.
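An added example, not libsoup's code or its fix: a minimal server-side replay check of the kind the description says is missing, which tracks issued nonces and accepts a request only when its nc is strictly greater than the last one accepted for that nonce. The type names, function names and table sizes are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

#define MAX_NONCES 64   /* assumed table size */
#define NONCE_LEN  48   /* assumed maximum nonce length, including NUL */
enum nc_result { NC_OK, NC_UNKNOWN_NONCE, NC_MALFORMED, NC_REPLAY };
struct nonce_entry { char nonce[NONCE_LEN]; uint32_t last_nc; int used; };
struct nonce_store { struct nonce_entry e[MAX_NONCES]; };

/* Record a nonce the server has just sent in a WWW-Authenticate challenge. */
int nonce_store_issue(struct nonce_store *s, const char *nonce) {
    if (strlen(nonce) >= NONCE_LEN) return -1;
    for (int i = 0; i < MAX_NONCES; i++) {
        if (s->e[i].used) continue;
        strcpy(s->e[i].nonce, nonce);
        s->e[i].last_nc = 0; s->e[i].used = 1;
        return 0;
    }
    return -1; /* table full: a real server would expire old nonces */
}

/* nc must be exactly 8 hex digits (the nc-value form used by HTTP Digest). */
static int parse_nc(const char *nc, uint32_t *out) {
    if (strlen(nc) != 8 || strspn(nc, "0123456789abcdefABCDEF") != 8) return -1;
    *out = (uint32_t)strtoul(nc, NULL, 16);
    return 0;
}

/* Call only after the response digest verifies; nc must strictly increase. */
enum nc_result nonce_check(struct nonce_store *s, const char *nonce, const char *nc) {
    uint32_t n;
    if (parse_nc(nc, &n) != 0) return NC_MALFORMED;
    for (int i = 0; i < MAX_NONCES; i++) {
        if (!s->e[i].used || strcmp(s->e[i].nonce, nonce) != 0) continue;
        if (n <= s->e[i].last_nc) return NC_REPLAY;
        s->e[i].last_nc = n;
        return NC_OK;
    }
    return NC_UNKNOWN_NONCE;
}

int main(void) { /* constructed exchange: the same header sent twice */
    static struct nonce_store s;
    nonce_store_issue(&s, "constructed-nonce");
    int first = nonce_check(&s, "constructed-nonce", "00000001") == NC_OK;
    int again = nonce_check(&s, "constructed-nonce", "00000001") == NC_REPLAY;
    return (first && again) ? 0 : 1;
}
```

Updating the counter only after the digest has verified keeps an unauthenticated request from advancing nc and locking out the legitimate client.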
| Version | Type | Source | Base | Exp | Impact | Vector |
|---|---|---|---|---|---|---|
| 3.1 | Primary | NVD | 7.3 | 3.9 | 3.4 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L |
| 3.1 | Primary | cve.org | 5.8 | — | — | CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:L |
| 3.1 | Secondary | NVD | 5.8 | 1.6 | 3.7 | CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:L |