* J.H.M. Dassen (Ray) ([EMAIL PROTECTED]) wrote :
> On Tue, Feb 03, 2004 at 14:05:25 -0800, Matt Zimmerman wrote:
> > > mod_digest for Apache does not properly verify the nonce of a client
> > > response by using an AuthNonce secret.
> > > Can anyone explain the true impact of this bug?
> In a purely social context, it probably isn't particularly high - very
> few sites use digest auth since (a) it's broken in IE and (b) Basic over
> SSL is easier to set up and more widely available.

I'll check out exactly what response upstream will be making and what the urgency they feel for the problem is.

-Thom