Ancient bug in popular web proxy software allows attackers to steal login credentials and session data from shared networks.
Security researchers have discovered a serious vulnerability in Squid, a widely-used web filtering tool that organizations deploy to manage internet traffic. The flaw allows someone on the same network to peek at another person's login information, passwords, and authenticated sessions—simply by watching data pass through the proxy system.
What makes this discovery particularly troubling is that the underlying problem has existed since 1997, buried deep within code designed to handle outdated FTP file transfer protocols. Despite being hidden for nearly three decades, the vulnerability remains enabled by default in most Squid installations, meaning countless networks are potentially affected without realizing it.
Think of a web proxy like a security checkpoint at an office entrance. Everyone who wants internet access passes through it. The Squid proxy is supposed to act like a careful guard—processing requests, filtering content, and protecting privacy.
This vulnerability is like a defective scanner that occasionally displays one person's information to the next person in line. When someone makes a web request containing sensitive data (usernames, passwords, or authentication tokens that keep you logged in), the buggy code can accidentally expose that information to other users on the network.
An attacker doesn't need special tools or sophisticated hacking skills. They simply need to be connected to the same proxy and watch the traffic flow by. It's a passive attack—they're not breaking into anything; they're just reading what the broken system is carelessly showing them.
Organizations using Squid typically include:
In all these environments, users reasonably expect their login credentials to remain private. A student checking email, an employee accessing their bank account, or someone logging into social media could all have their credentials stolen by another person on the network—whether it's a curious coworker or a determined attacker.
The real danger: Once someone has your authentication tokens, they can impersonate you online without needing your actual password. They can access your email, change account settings, or perform actions in your name.
The silver lining is that this vulnerability is finally receiving attention from the security community, and patches are being released to fix the problem.
This discovery serves as a reminder that even old, trusted software can harbor serious security risks hiding in plain sight.
Want to understand the technology behind this story? ITVedas has beginner-friendly guides on every IT topic.
Explore IT Chapters →