29-Year-Old Squid Proxy Bug 'Squidbleed' Can Leak Cleartext HTTP Requests

A 29-year-old vulnerability in the Squid web proxy, dubbed Squidbleed, can expose cleartext HTTP requests from one user to another user sharing the same proxy. This heap over-read flaw, originating from a 1997 FTP-parsing modification, remains active in Squid's default settings. Researchers at Calif.io disclosed the vulnerability in June. The exploit allows an attacker to intercept sensitive information such as login credentials and session tokens embedded within HTTP requests. The bug affects versions of Squid that have not been patched. The researchers demonstrated that a malicious actor could craft specific requests to trigger the over-read and capture data intended for other users. This highlights a long-standing security weakness that could have been exploited for years without detection. The disclosure prompts urgent attention for administrators to update their Squid installations to mitigate the risk of credential theft and session hijacking. The vulnerability's longevity underscores the importance of continuous security auditing for legacy codebases.