Description
According to RFC 7616, the key 'opaque' is utilized by servers to transport state information for the digest challenge. There is not a requirement that says the value cannot be an empty string.
If a server sends a digest challenge as follows:
WWW-Authenticate: Digest realm="Use service as User Name in order to log in to the respective level",nonce="6afd170437eb5144258b308f7c491d96",opaque="",stale=FALSE,algorithm=MD5,qop="auth"
Then in DigestResponse::Parse in the file AuthenticationHelper.Digest.cs, the .Net Core parser for the challenge will break out without having read the rest of the http digest challenge. As a result, the authentication helper will not user the correct Digest Hash scheme because it failed to read the qop value in the challenge.