We got another "critical vulnerability" on #curl reported. I figured you might enjoy it. "The authentication mechanism in cURL does not properly restrict the number of failed authentication attempts, allowing an attacker to brute-force credentials" Yawn. Away, away you go. - ThreadSky

bagder.mastodon.social.ap.brid.gy • 10 days ago

We got another "critical vulnerability" on #curl reported. I figured you might enjoy it.

"The authentication mechanism in cURL does not properly restrict the number of failed authentication attempts, allowing an attacker to brute-force credentials"

Yawn. Away, away you go.

Comments

bazzargh.hachyderm.io.ap.brid.gy•10 days ago

@bagder I'm sorry to report that #curl does not meet modern standards by storing the passwords entered into it securely. It doesn't store them at all, but the AI tells me it's wrong so...

avali.zone•9 days ago

@bagder wait, what? Like, you can run cURL repeatedly to brute force HTTP basic auth? Lmao

ComPod.mastodon.social.ap.brid.gy•10 days ago

@bagder also also it Downloads illegal content when so instructed. Must be made illegal!!11one

abeltramo.mastodon.social.ap.brid.gy•10 days ago

@bagder you should obviously `rm -rf /` after five "403 Forbidden" returned.

tekno45.bsky.social•10 days ago

Curl doesn't check if you're allowed to send traffic making it a ddos tool.

uastronomer.mastodon.monoceros.co.za.ap.brid.gy•9 days ago

@bagder Look familiar, @BigG https://mastodon.online/@AndyK1970 ?

leoncowle.hachyderm.io.ap.brid.gy•9 days ago

@bagder @uastronomer I'm struggling to wrap my head around the stupidity of this report.
🤦🏻‍♂️× ♾️

hisold.toot.io.ap.brid.gy•10 days ago

@bagder It would be funny if he added "... Which allows curl to be used for hacking purposes making it illegal und German law § 202c StGB"

DJGummikuh.mastodon.social.ap.brid.gy•10 days ago

@bagder these sound like the same breed of people that complain that they can try passwords on multiple Pages AT THE SAME TIME without those pages magically restricting them. These guys really are just good for one thing in life and that is being ridiculed 😅

MegaMichelle.a2mi.social.ap.brid.gy•9 days ago

@bagder

Curl does not properly detect whether the user has evil in their heart.

yawaramin.bsky.social•10 days ago

My prediction: there will be a report like 'curl allows using HTTPS which is proven insecure due to issues like Heartbleed'

Comments

Posting Rules

Reply