Curl and Libcurl Default Credential Leak Vulnerability via .netrc File
Vulnerability
A vulnerability exists in Curl and Libcurl versions from 7.76.0 up to, but not including, 8.11.1 that allows the unintentional leakage of passwords from a .netrc file during HTTP redirects. The issue arises when the .netrc file contains a 'default' entry that lacks login and password details. Under these conditions, Curl may transmit the password for the initial host to the host it is redirected to, potentially leading to unauthorized information disclosure.
Impact
Exploitation of this vulnerability results in the unintended disclosure of sensitive credential information to unauthorized parties.
Reproduction
To reproduce this vulnerability, create a .netrc file with a 'default' entry that does not include login or password information. Then, use Curl to make a request to a host that will redirect to another host, ensuring that the .netrc file is referenced for credentials. The request will inadvertently leak the password from the first host to the second.
Remediation
Users are advised to upgrade Curl and Libcurl to version 8.12.0 or later. Alternatively, the vulnerability can be mitigated by avoiding the use of .netrc files with HTTP redirects.
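The following audit check is an added example, not code from the curl project or from this advisory. It flags a .netrc whose 'default' entry lacks a login or password and tests a `curl --version` line against the affected range stated above. The function names and the sample file are constructed for illustration, and the parser assumes values contain no quoted whitespace.

```python
import re

# Affected range as stated in this advisory: 7.76.0 up to, not including, 8.11.1.
AFFECTED_FROM, FIXED_IN = (7, 76, 0), (8, 11, 1)

def curl_version_affected(version_line: str) -> bool:
    """Compare the version in the first line of `curl --version` to the range."""
    m = re.search(r"curl (\d+)\.(\d+)\.(\d+)", version_line)
    if not m:
        raise ValueError("no curl version found")
    return AFFECTED_FROM <= tuple(int(x) for x in m.groups()) < FIXED_IN

def risky_default_entries(netrc_text: str) -> list:
    """Return 'default' entries that are missing a login or a password token."""
    tokens, in_macro = [], False
    for line in netrc_text.splitlines():
        if in_macro:                      # a macdef body runs until a blank line
            in_macro = bool(line.strip())
            continue
        words = line.split()
        if not words or words[0].startswith("#"):
            continue                      # blank line or comment
        if words[0] == "macdef":
            in_macro = True
            continue
        tokens.extend(words)
    entries, current, i = [], None, 0
    while i < len(tokens):
        tok = tokens[i]
        if tok == "default":
            current = {"host": "default"}
            entries.append(current)
            i += 1
        elif tok == "machine" and i + 1 < len(tokens):
            current = {"host": tokens[i + 1]}
            entries.append(current)
            i += 2
        elif tok in ("login", "password", "account") and current and i + 1 < len(tokens):
            current[tok] = tokens[i + 1]  # value token is consumed, never re-parsed
            i += 2
        else:
            i += 1
    return [e for e in entries
            if e["host"] == "default" and not ("login" in e and "password" in e)]

# Constructed sample matching the condition described in this advisory.
SAMPLE_NETRC = "machine a.example login alice password constructed-secret\ndefault\n"

if __name__ == "__main__":
    print(risky_default_entries(SAMPLE_NETRC))
```

A non-empty result on a host where `curl_version_affected` is also true means the .netrc matches the condition described in this advisory on an affected build.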
