Squidbleed: 29-Year-Old Squid Proxy Bug Leaks HTTP Credentia
High | Source: The Hacker News

A 29-year-old heap over-read vulnerability in the Squid web proxy, dubbed "Squidbleed", allows any user already permitted to send traffic through a shared proxy to read another user's cleartext HTTP requests, including credentials and session tokens. The flaw originates from a 1997 FTP-parsing change and remains exploitable in Squid's default configuration today. Exposure is broad given Squid's widespread use as a forward proxy in enterprise and cloud environments. ...