mod_digest for Apache before 1.3.31 does not properly verify the nonce of a client response by using a AuthNonce secret. Date published : 2004-02-03 http://www.