CVE-2020-15688

Опубликовано: 23 июл. 2020

Источник: nvd

CVSS3: 8.8

CVSS2: 6.8

EPSS Низкий

Описание

The HTTP Digest Authentication in the GoAhead web server before 5.1.2 does not completely protect against replay attacks. This allows an unauthenticated remote attacker to bypass authentication via capture-replay if TLS is not used to protect the underlying communication channel.

Ссылки

http://packetstormsecurity.com/files/159505/EmbedThis-GoAhead-Web-Server-5.1.1-Digest-Authentication-Capture-Replay-Nonce-Reuse.html
Exploit
Third Party Advisory
VDB Entry
https://github.com/embedthis/goahead-gpl/issues/3
Third Party Advisory
https://github.com/embedthis/goahead-gpl/issues/3
Third Party Advisory
http://packetstormsecurity.com/files/159505/EmbedThis-GoAhead-Web-Server-5.1.1-Digest-Authentication-Capture-Replay-Nonce-Reuse.html
Exploit
Third Party Advisory
VDB Entry
https://github.com/embedthis/goahead-gpl/issues/3
Third Party Advisory
https://github.com/embedthis/goahead-gpl/issues/3
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:embedthis:goahead:*:*:*:*:*:*:*:*

Версия до 5.1.2 (исключая)

EPSS

Процентиль: 50%

0.00269

Низкий

8.8 High

CVSS3

6.8 Medium

CVSS2

Дефекты

CWE-294

Связанные уязвимости

GHSA-6r2c-458p-644h