Lightbend Play Framework 2.5.x Insufficiently Protected Credentials Vulnerability

Summary

When WSClient is configured to use an authenticated proxy server and makes outbound HTTPS requests, HTTP CONNECT requests are seen being sent from WSClient to the target host.

Credit:

The information has been provided by Sunny Chotai.

The original article can be found at: https://www.playframework.com/security/vulnerability


Details

An issue was discovered in Lightbend Play Framework 2.5.x through 2.6.23. When configured to make requests through an authenticated HTTP proxy, play-ws may sometimes, typically under high load, expose the proxy credentials to the target host when connecting to it over HTTPS.

Vulnerable Systems:

Lightbend Play Framework 2.5.x through 2.6.23
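
To check a build against the affected range listed above, the following added example (not part of the original advisory or of the Play project) scans sbt build text for Play artifacts pinned inside that range. The artifact list, the sample build file and the conservative handling of pre-release suffixes are assumptions of this example.

```python
import re

# Affected range exactly as stated in this advisory: 2.5.x through 2.6.23 (inclusive).
# Versions outside it are reported as "not in the advisory's range", nothing more.
AFFECTED_MIN = (2, 5, 0)
AFFECTED_MAX = (2, 6, 23)

# Assumption: artifacts whose version number is the Play release number.
PLAY_VERSIONED = {"sbt-plugin", "play", "play-ws", "play-ahc-ws", "play-java-ws"}

# Matches literal sbt coordinates, e.g. "com.typesafe.play" %% "play-ws" % "2.5.19".
# Versions supplied through a variable (% playVersion) are not resolved here.
PLAY_DEP = re.compile(
    r'"com\.typesafe\.play"\s*%{1,2}\s*"(?P<artifact>[^"]+)"\s*%\s*"(?P<version>[^"]+)"'
)

def parse_version(text):
    """Return (major, minor, patch), or None if text does not start with x.y[.z]."""
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?", text)
    return (int(m.group(1)), int(m.group(2)), int(m.group(3) or 0)) if m else None

def is_affected(version_text):
    """True if the numeric part falls in the advisory's range.
    Suffixes such as -RC1 are ignored, so pre-releases count as affected."""
    v = parse_version(version_text)
    return v is not None and AFFECTED_MIN <= v <= AFFECTED_MAX

def scan_build(text):
    """Return [(line_number, artifact, version)] for affected Play coordinates."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        code = line.split("//", 1)[0]  # skip sbt line comments
        for m in PLAY_DEP.finditer(code):
            if m.group("artifact") in PLAY_VERSIONED and is_affected(m.group("version")):
                findings.append((lineno, m.group("artifact"), m.group("version")))
    return findings

# Constructed sample build file, for illustration only.
SAMPLE_BUILD = '''\
addSbtPlugin("com.typesafe.play" % "sbt-plugin" % "2.6.23")
libraryDependencies += "com.typesafe.play" %% "play-ws" % "2.5.19"
libraryDependencies += "com.typesafe.play" %% "play-ahc-ws" % "2.6.24"
// "com.typesafe.play" %% "play-ws" % "2.5.0"
libraryDependencies += "com.typesafe.play" %% "play-json" % "2.6.10"
'''

if __name__ == "__main__":
    for lineno, artifact, version in scan_build(SAMPLE_BUILD):
        print(f"line {lineno}: {artifact} {version} is within 2.5.x through 2.6.23")
```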


CVE Information:

CVE-2019-17598

Disclosure Timeline:

Published Date: 11/5/2019