CVE-2020-15688
HIGHGoAhead < 5.1.2 - Unauthenticated Authentication Bypass via Digest Nonce Reuse
Title source: llmDescription
The HTTP Digest Authentication in the GoAhead web server before 5.1.2 does not completely protect against replay attacks. This allows an unauthenticated remote attacker to bypass authentication via capture-replay if TLS is not used to protect the underlying communication channel.
References (2)
Core 2
Core References
Third Party Advisory x_refsource_misc
https://github.com/embedthis/goahead-gpl/issues/3
Exploit, Third Party Advisory, VDB Entry x_refsource_misc
http://packetstormsecurity.com/files/159505/EmbedThis-GoAhead-Web-Server-5.1.1-Digest-Authentication-Capture-Replay-Nonce-Reuse.html
Scores
CVSS v3
8.8
EPSS
0.0404
EPSS Percentile
89.3%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Details
CWE
CWE-294
Status
published
Products (1)
embedthis/goahead
< 5.1.2
Published
Jul 23, 2020
Tracked Since
Feb 18, 2026