HTTP digest access authentication support #847
Labels
Priority: Low
This issue can probably be picked up by anyone looking to contribute to the project, as an entry fix
Status: Completed
Nothing further to be done with this issue. Awaiting to be closed.
Type: Enhancement
Most issues will probably ask for additions or changes.
Problem
Working on the Tieline Default Credentials - Create CVE-2021-35336 contribution by @pratikkhalane, we've encountered an HTTP digest access authentication mechanism.
Currently, my question is how to deal with the HTTP digest access authentication mechanism with the Nuclei engine?
Context
The HTTP digest access authentication mechanism is one of the methods a web server can use to negotiate credentials.
It requires an authentication workflow that can't be solved in one HTTP request:
Source: https://en.wikipedia.org/wiki/Digest_access_authentication
Use case study
# 1 Request
# 1 Response
Note: the server sends a WWW-Authenticate header.
# 2 Request
# 2 Response
Note: the client sends an Authorization with Digest type.
Solution
I would like to open a discussion regarding potential capabilities to deal with the HTTP digest access authentication mechanism.
Thank you for your attention.
The text was updated successfully, but these errors were encountered: