
HTTP Basic Auth: the redirect destination is not in the address bar.

WFM....

Steps to Reproduce:
1. Open Mozilla
2. Visit http://hackies.in/auth.html
3. .....

We show the HTTP prompt before updating the address bar; however, the address bar seems trustworthy.
Attaching the PoC for reference. I believe the impact of this may be high.



Expected Results:
The address bar should be updated before showing the HTTP prompt.

Bug reported by: Dhiraj Mishra
#BugID: 1343456
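
A defender-side check for the condition in this report, as an added example that is not part of the original post or its PoC: given a recorded navigation (for instance from a proxy log), it reports when an HTTP Basic Auth challenge is issued by a different origin than the one the navigation started at, which is the origin a user would still be looking at if the address bar is not updated before the prompt. The hop format, the function names and the sample hosts are assumptions constructed for illustration.

```python
import re
from urllib.parse import urljoin, urlsplit

def origin(url):
    """Return (scheme, host, port), filling in the default port."""
    p = urlsplit(url)
    return (p.scheme, (p.hostname or "").lower(),
            p.port or {"http": 80, "https": 443}.get(p.scheme))

def basic_realm(challenge):
    """Realm of a Basic challenge ('' if absent), or None if not Basic.
    Simplification: only the first challenge in the header is examined."""
    scheme, _, params = challenge.strip().partition(" ")
    if scheme.lower() != "basic":
        return None
    m = re.search(r'realm\s*=\s*(?:"((?:[^"\\]|\\.)*)"|([^\s,]+))', params, re.I)
    if not m:
        return ""
    return m.group(1) if m.group(1) is not None else m.group(2)

def audit_navigation(hops):
    """hops: list of (url, status, headers) in fetch order (assumed format).
    Returns a finding when a Basic Auth challenge comes from an origin other
    than the one the navigation started at, else None."""
    start = origin(hops[0][0])
    for i, (url, status, headers) in enumerate(hops):
        h = {k.lower(): v for k, v in headers.items()}
        if 300 <= status < 400 and "location" in h and i + 1 < len(hops):
            # The recorded next hop must be the one the Location header names.
            if urljoin(url, h["location"]) != hops[i + 1][0]:
                raise ValueError("hop %d does not follow Location" % (i + 1))
        if status == 401 and "www-authenticate" in h:
            realm = basic_realm(h["www-authenticate"])
            if realm is not None and origin(url) != start:
                return {"started_at": hops[0][0], "prompt_from": url,
                        "realm": realm, "redirects": i}
    return None

# Constructed sample: a page that redirects to another host, which answers 401.
SAMPLE = [
    ("http://news.example/auth.html", 302,
     {"Location": "http://login.example.net/protected"}),
    ("http://login.example.net/protected", 401,
     {"WWW-Authenticate": 'Basic realm="Restricted"'}),
]

if __name__ == "__main__":
    print(audit_navigation(SAMPLE))
```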

1 comment:

  1. Well, I think attackers have already been exploiting it!
