>
> I found something strange with the nonce: the nonce never seems to change
> nonce_max_count
>
> auth_param digest nonce_max_count 10
> auth_param digest check_nonce_count yes
> auth_param digest nonce_strictness on
>
> http://www.squid-cache.org/Doc/config/auth_param/
>
> With Wireshark I'm seeing my nonce like nonce="a7qcucileAouwvp6", OK,
> no problem, but it is still the same after many requests (hundred)
>
> I also tested with auth_param digest nonce_max_duration 2 minutes, I
> need to reload my ID/password.
>
> A bug? Or a misunderstanding?
>
> Thanks
>
>
I opened a new bug, also with a fix, here: http://bugs.squid-cache.org/show_bug.cgi?id=3782
I think that it's a potential security problem regarding replay attacks.
Regards, Fred
Received on Mon Feb 18 2013 - 14:11:04 MST
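
An added example, not part of the original message and not Squid code: a small audit of captured `Proxy-Authorization` Digest headers that flags requests a server enforcing the quoted settings would be expected to refuse, which is a way to confirm from a capture that a nonce is outliving `nonce_max_count`. The enforcement model (use limit per nonce, `nc` must increase, strict means increase by exactly 1) is an assumption about what the directives intend, and the sample headers are constructed.

```python
import re

NONCE_MAX_COUNT = 10  # from "auth_param digest nonce_max_count 10" in the post
_FIELD = re.compile(r'(\w+)=(?:"([^"]*)"|([^\s,]+))')

def parse_digest(header):
    """Return the fields of a 'Digest ...' credentials value as a dict."""
    scheme, _, params = header.partition(" ")
    if scheme.lower() != "digest":
        raise ValueError("not a Digest header")
    return {k.lower(): (q or u) for k, q, u in _FIELD.findall(params)}

def audit(headers, max_count=NONCE_MAX_COUNT, strict=True):
    """Return (request_index, reason) for each request that should be refused."""
    last_nc, uses, findings = {}, {}, []
    for i, header in enumerate(headers):
        fields = parse_digest(header)
        nonce = fields["nonce"]
        nc = int(fields["nc"], 16)          # nc is 8 hex digits (RFC 2617)
        prev = last_nc.get(nonce, 0)
        if uses.get(nonce, 0) >= max_count:
            findings.append((i, "nonce used past max_count"))
        elif nc <= prev:
            findings.append((i, "replayed or stale nc"))
        elif strict and nc != prev + 1:
            findings.append((i, "nc skipped"))
        else:                               # accepted: record the use
            last_nc[nonce] = nc
            uses[nonce] = uses.get(nonce, 0) + 1
    return findings

def make_header(nonce, nc):
    """Build a constructed header; user, realm and response are placeholders."""
    return ('Digest username="alice", realm="proxy", nonce="{}", uri="/", '
            'qop=auth, nc={:08x}, cnonce="c1", response="00"').format(nonce, nc)

def sample_headers():
    """Constructed capture: the post's nonce reused 12 times, then a replayed nc."""
    reqs = [make_header("a7qcucileAouwvp6", n) for n in range(1, 13)]
    reqs += [make_header("EXAMPLEnonce0002", n) for n in (1, 2, 2)]
    return reqs

if __name__ == "__main__":
    for index, reason in audit(sample_headers()):
        print(index, reason)
```
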