Hackers Attack Curl Vulnerability Accessing Sensitive Information
Medium
Vulnerability Details
## Summary:
[A critical security flaw in Curl. This is a data transfer tool and may potentially allow attackers to access sensitive information.]
## Affected version
[6.5 through 8.11.0]
## Steps To Reproduce:
A security vulnerability occurs when curl is used with a .netrc file for the credentials and also follows an HTTP redirect. Curl may leak passwords used for the host that redirects it to the next host.
1. The .netrc file contains an entry matching the redirect target hostname
2. The entry either omits the password or both the login and password
## Supporting Material/References:
Affects both the libcurl library and the curl command-line tool.
## Impact
## Summary:
A curl transfer to a.tld that redirects to b.tld, along with a .netrc file entry for b.tld, is vulnerable to password exposure. This may expose passwords when they pass through the network.
Report Stats
- Report ID: 2912277
- State: Closed
- Substate: not-applicable
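A defensive check for the two conditions listed in the report, as an added example that is not part of the original report or the curl project's code: it flags .netrc entries that omit the password (or both login and password) and tests a curl version string against the affected range the report gives. The function names and the sample file are constructed for illustration, and the parser is a simplified one that assumes `macdef` starts a line.

```python
import re

# Affected range as stated in the report: 6.5 through 8.11.0.
AFFECTED_MIN, AFFECTED_MAX = (6, 5, 0), (8, 11, 0)

def parse_netrc(text):
    """Return {machine: set of field names present}. Values are never stored."""
    # Drop macro bodies (macdef ... up to the next blank line) and comment lines.
    text = re.sub(r"(?ms)^[ \t]*macdef\b.*?(?:\n[ \t]*\n|\Z)", "\n", text)
    lines = [l for l in text.splitlines() if not l.lstrip().startswith("#")]
    tokens = iter(" ".join(lines).split())
    entries, current = {}, None
    for tok in tokens:
        if tok in ("machine", "default"):
            name = next(tokens, "") if tok == "machine" else "default"
            current = entries.setdefault(name, set())
        elif tok in ("login", "password", "account") and current is not None:
            next(tokens, None)  # consume the value without keeping it
            current.add(tok)
    return entries

def risky_entries(text):
    """Machines whose entry omits the password, or both login and password."""
    return sorted(m for m, f in parse_netrc(text).items() if "password" not in f)

def version_affected(version):
    """True if a string such as 'curl 8.10.1 (...)' falls in the affected range."""
    m = re.search(r"(\d+)\.(\d+)(?:\.(\d+))?", version)
    if not m:
        raise ValueError("no version number found in %r" % version)
    return AFFECTED_MIN <= tuple(int(g or 0) for g in m.groups()) <= AFFECTED_MAX

# Constructed sample input, not a real credential file.
SAMPLE_NETRC = """\
# constructed sample
machine a.tld login alice password s3cret
machine b.tld login bob
machine c.tld
default login anonymous password guest
"""

if __name__ == "__main__":
    print("entries without a password:", risky_entries(SAMPLE_NETRC))
    print("curl 8.10.1 in affected range:", version_affected("curl 8.10.1"))
```

Run `risky_entries` on the contents of the real `~/.netrc` and pass the first line of `curl --version` to `version_affected`.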