A flaw was found in Libsoup. The server-side digest...
Moderate severity
Unreviewed
Published
Mar 12, 2026
to the GitHub Advisory Database
•
Updated Mar 12, 2026
Description
Published by the National Vulnerability Database
Mar 12, 2026
Published to the GitHub Advisory Database
Mar 12, 2026
Last updated
Mar 12, 2026
A flaw was found in Libsoup. The server-side digest authentication implementation in the SoupAuthDomainDigest class does not properly track issued nonces or enforce the required incrementing nonce-count (nc) attribute. This vulnerability allows a remote attacker to capture a single valid authentication header and replay it repeatedly. Consequently, the attacker can bypass authentication and gain unauthorized access to protected resources, impersonating the legitimate user.
References