CVE-2020-15688

HIGH

GoAhead <5.1.2 - Auth Bypass

Title source: llm

Description

The HTTP Digest Authentication in the GoAhead web server before 5.1.2 does not completely protect against replay attacks. This allows an unauthenticated remote attacker to bypass authentication via capture-replay if TLS is not used to protect the underlying communication channel.

References (2)

[Third Party Advisory] https://github.com/embedthis/goahead-gpl/issues/3

[Exploit, Third Party Advisory, VDB Entry] http://packetstormsecurity.com/files/159505/EmbedThis-GoAhead-Web-Server-5.1.1-Digest-Authentication-Capture-Replay-Nonce-Reuse.html

Scores

CVSS v3 8.8

EPSS 0.0027

EPSS Percentile 50.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE

CWE-294

Status published

Products (1)

embedthis/goahead < 5.1.2

Published Jul 23, 2020

Tracked Since Feb 18, 2026