The http_negotiate_create_context function in protocol/http/http_negotiate.c in ELinks 0.12 before 0.12pre6, when using HTTP Negotiate or GSS-Negotiate authentication, delegates user credentials through GSSAPI, which allows remote servers to authenticate as the client via the delegated credentials.
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Elinks | Elinks | 0.12-pre1 (including) | 0.12-pre1 (including) |
| Elinks | Elinks | 0.12-pre2 (including) | 0.12-pre2 (including) |
| Elinks | Elinks | 0.12-pre3 (including) | 0.12-pre3 (including) |
| Elinks | Elinks | 0.12-pre4 (including) | 0.12-pre4 (including) |
| Elinks | Elinks | 0.12-pre5 (including) | 0.12-pre5 (including) |
| Red Hat Enterprise Linux 5 | RedHat | elinks-0:0.11.1-8.el5_9 | * |
| Red Hat Enterprise Linux 6 | RedHat | elinks-0:0.12-0.21.pre5.el6_3 | * |
| Elinks | Ubuntu | hardy | * |
| Elinks | Ubuntu | lucid | * |
| Elinks | Ubuntu | oneiric | * |
| Elinks | Ubuntu | precise | * |
| Elinks | Ubuntu | quantal | * |
| Elinks | Ubuntu | upstream | * |