VDB
CVE-2020-15688
CVE-2020-15688
PUBLISHED
Reported by mitre · Published July 23, 2020
The HTTP Digest Authentication in the GoAhead web server before 5.1.2 does not completely protect against replay attacks. This allows an unauthenticated remote attacker to bypass authentication via capture-replay if TLS is not used to protect the underlying communication channel.
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | n/a |
| n/a | n/a | n/a |
Exploit Intelligence
- http://packetstormsecurity.com/files/159505/EmbedThis-GoAhead-Web-Server-5.1.1-Digest-Authentication-Capture-Replay-Nonce-Reuse.html (nist-nvd)
- GoAhead Web Server 5.1.1 - Digest Authentication Capture Replay Nonce Reuse Exploit (0day-today)
- EmbedThis GoAhead Web Server 5.1.1 Digest Authentication Capture Replay Nonce Reuse Exploit (0day-today)
Timeline
- Jul 23, 2020 CVE Published
- Oct 12, 2020 PoC Published
- Oct 27, 2020 PoC Published
- Apr 14, 2021 EPSS Score
- Jun 23, 2021 EPSS Score
- Oct 26, 2021 EPSS Score
- Dec 27, 2021 EPSS Score
- Feb 4, 2022 EPSS Score
- Feb 28, 2022 EPSS Score
- Apr 1, 2022 EPSS Score
- Jul 3, 2022 EPSS Score
- Sep 4, 2022 EPSS Score