Lightbend Play Framework 2.5.x Insufficiently Protected Credentials Vulnerability
When WSClient has been configured to use an authenticated proxy server, whilst making outbound HTTPS requests, we see HTTP CONNECT requests being sent from WSClient to the target host.
The information has been provided by Sunny Chotai.
The original article can be found at: https://www.playframework.com/security/vulnerability
An issue was discovered in Lightbend Play Framework 2.5.x through 2.6.23. When configured to make requests using an authenticated HTTP proxy, play-ws may sometimes, typically under high load, when connecting to a target host using https, expose the proxy credentials to the target host.
Lightbend Play Framework 2.5.x through 2.6.23
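The following is an added detection example, not code from the Play project or the original advisory. It scans request heads captured at a destination (for example a test stub standing in for the target host) and flags any CONNECT request or proxy credential that arrived somewhere other than the proxy. It assumes the credentials travel in the standard Proxy-Authorization header; the hostnames, the record format and the credential value are constructed placeholders.

```python
"""Flag proxy-bound requests that reached a host other than the proxy."""
from typing import NamedTuple

class Finding(NamedTuple):
    dest: str
    method: str
    target: str
    has_proxy_credentials: bool

def parse_head(raw: bytes):
    """Split a raw HTTP/1.1 request head into (method, target, headers)."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    lines = head.split("\r\n")
    parts = lines[0].split(" ")
    if len(parts) != 3:
        raise ValueError("malformed request line")
    method, target, _version = parts
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return method, target, headers

def find_leaks(records, proxy_hosts):
    """records: iterable of (destination_host, raw_request_head) pairs.
    CONNECT and Proxy-Authorization are only expected on connections to the
    proxy itself; seen at any other destination they are a finding."""
    findings = []
    for dest, raw in records:
        try:
            method, target, headers = parse_head(raw)
        except ValueError:
            continue  # not an HTTP request head; skip it
        has_creds = "proxy-authorization" in headers
        if dest not in proxy_hosts and (method == "CONNECT" or has_creds):
            # Record presence only; the credential value is never copied out.
            findings.append(Finding(dest, method, target, has_creds))
    return findings

# Constructed sample data: assumed hostnames, placeholder credential.
PROXY_HOSTS = {"proxy.internal.example"}
CONNECT_HEAD = (b"CONNECT api.partner.example:443 HTTP/1.1\r\n"
                b"Host: api.partner.example:443\r\n"
                b"Proxy-Authorization: Basic PLACEHOLDER\r\n\r\n")
SAMPLE = [
    ("proxy.internal.example", CONNECT_HEAD),   # expected: sent to the proxy
    ("api.partner.example", CONNECT_HEAD),      # leak: sent to the target host
    ("api.partner.example", b"GET /v1/status HTTP/1.1\r\nHost: api.partner.example\r\n\r\n"),
]
```

Calling find_leaks(SAMPLE, PROXY_HOSTS) reports only the second record.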