elinks
Page content
- Author: voroskoi
- Vulnerable: 0.11.2-2terminus1
- Unaffected: 0.11.2-2terminus2
A weakness has been reported in ELinks, which can be exploited by malicious people to disclose sensitive information. The content of POST requests sent to HTTPS webservers via a proxy is sent unencrypted via the CONNECT command to the configured proxy. This can be exploited to disclose the content of POST requests by e.g. sniffing network traffic.
- Bug Tracker URL: http://bugs.frugalware.org/task/2457