https://bugzilla.novell.com/show_bug.cgi?id=889849 https://bugzilla.novell.com/show_bug.cgi?id=889849#c0 Summary: Apache Subversion might reveal authentication information through md5 collision attack on authentication realm Classification: openSUSE Product: openSUSE 13.1 Version: Final Platform: All OS/Version: openSUSE 13.1 Status: NEW Severity: Normal Priority: P5 - None Component: Security AssignedTo: security-team@suse.de ReportedBy: Andreas.Stieger@gmx.de QAContact: qa-bugs@suse.de Found By: --- Blocker: --- User-Agent: Mozilla/5.0 (X11; Linux i686; rv:30.0) Gecko/20100101 Firefox/30.0 Apache Subversion might reveal authentication information through an md5 collision attack on authentication realm. An attacker would need to trick the potential victim to connect to a subversion repository he controls and present a special realm string to be transmitted authentication information. Patches: http://svn.apache.org/r1550691 http://svn.apache.org/r1550772 Reference: http://mail-archives.apache.org/mod_mbox/subversion-dev/201407.mbox/%3C53DAB... Reproducible: Didn't try -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.