ELinks 0.12 and Twibright Links 2.3 have Missing SSL Certificate Validation.
CVSS Score
5.9
EPSS Score
0.001
Published
2018-02-23
The http_negotiate_create_context function in protocol/http/http_negotiate.c in ELinks 0.12 before 0.12pre6, when using HTTP Negotiate or GSS-Negotiate authentication, delegates user credentials through GSSAPI, which allows remote servers to authenticate as the client via the delegated credentials.
CVSS Score
5.1
EPSS Score
0.004
Published
2013-01-03