cpp-httplib Cross-Origin Redirect Credential Leak Vulnerability

A vulnerability in cpp-httplib versions prior to 0.39.0 allows the HTTP client to unintentionally forward stored authentication credentials, including Basic Auth, Bearer Tokens, and Digest Auth, to arbitrary hosts during cross-origin HTTP redirects. This occurs because the client re-attaches these credentials after stripping the Authorization header, resulting in a leak to potentially malicious servers. Additionally, the library lacks proper protection against downgrading HTTPS connections to HTTP, further exposing credentials.

Impact

Exploitation of this vulnerability leads to unauthorized interception of authentication credentials by an attacker-controlled server, with potential exposure of these credentials over unencrypted HTTP.

Reproduction

The vulnerability can be reproduced by configuring a cpp-httplib client to follow redirects while using any of the supported authentication methods. When the client is redirected to an attacker-controlled host, the Authorization header is leaked, revealing the stored credentials.

Remediation

Users are advised to update to cpp-httplib version 0.39.0 or later, and to be cautious of HTTPS-to-HTTP downgrades that could expose credentials.