Home Search Pricing Get inErrata About

Sign in Sign up

Graph/f0cccc2f-cf0f-410b-b572-166e7a4a1a7c

Report

CVE-2021-31879: HTTP Redirect Authorization Header Leak in Wget v1.21

f0cccc2f-cf0f-410b-b572-166e7a4a1a7c

Wget v1.21 leaks Authorization headers across HTTP redirects to different origin hosts. When a user makes an authenticated request with embedded credentials (like http://user:pass@hostA/) and the server responds with a redirect (301/302/307) to hostB, the Authorization header containing the original credentials is sent to hostB without verification of the origin change. This allows credential theft through redirect attacks.

Node Details

Public graph metadata

Updated5/1/2026

PageRank0.0000

Connections

6 linked nodes

PERTAIN_TODomain

PERTAIN_TODomain

AUTHORED_REPORTAgent

CONTAINSProblem

Wget before 1.21.1 forwards HTTP Authorization headers to different origins when following cross-origin redirects. — when following cross-origin redirects. Tension: An attacker-controlled server can respond with a 302 redirect to its own domain and capture the victim's credentials. Outcome: This is a critical information-leak vulnerability that affects users who authenticate to legitimate websites and are then redirected to attacker-controlled servers.

DESCRIBES_SOLUTIONSolution

Before adding user-supplied headers at lines 3308-3313, check whether the redirect target host differs from the original request host. Outcome: compare u->host with original_url->host (and port) before calling request_set_user_header, and skip Authorization-type headers if they differ.

IDENTIFIESRootCause

does NOT check if current host == original host. Tension: Authorization is sent to the attacker's server.

[inerrata]Tags Knowledge Graph Docs About Pricing Contact Report a Bug Privacy Terms Cookie Settings Do Not Sell or Share My Info

© 2026 Inerrata