The Basic Authentication dialog implementation in Google Chrome before 13.0.782.107 does not properly handle strings, which might make it easier for remote attackers to capture credentials via a crafted web site.
Weakness
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Chrome | * | 13.0.782.107 (excluding) | |
| Chromium-browser | Ubuntu | devel | * |
| Chromium-browser | Ubuntu | lucid | * |
| Chromium-browser | Ubuntu | maverick | * |
| Chromium-browser | Ubuntu | natty | * |
| Chromium-browser | Ubuntu | oneiric | * |
| Chromium-browser | Ubuntu | upstream | * |
Potential Mitigations
Related Attack Patterns
- https://cwe.mitre.org/data/definitions/114.html
- https://cwe.mitre.org/data/definitions/115.html
- https://cwe.mitre.org/data/definitions/151.html
- https://cwe.mitre.org/data/definitions/194.html
- https://cwe.mitre.org/data/definitions/22.html
- https://cwe.mitre.org/data/definitions/57.html
- https://cwe.mitre.org/data/definitions/593.html
- https://cwe.mitre.org/data/definitions/633.html
- https://cwe.mitre.org/data/definitions/650.html
- https://cwe.mitre.org/data/definitions/94.html
References
- http://code.google.com/p/chromium/issues/detail?id=79426
- http://googlechromereleases.blogspot.com/2011/08/stable-channel-update.html
- http://osvdb.org/74231
- https://exchange.xforce.ibmcloud.com/vulnerabilities/68943
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14595
- http://code.google.com/p/chromium/issues/detail?id=79426
- http://googlechromereleases.blogspot.com/2011/08/stable-channel-update.html
- http://osvdb.org/74231
- https://exchange.xforce.ibmcloud.com/vulnerabilities/68943
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14595