An issue exists in DAViCal Andrew's Web Libraries (AWL) up to and including 0.60. Session management does not use a sufficiently hard-to-guess session key. Anyone who can guess the microsecond time (and the incrementing session_id) can impersonate a session.
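
The example below is added here as an illustration and is not AWL's code. The first function bounds the guessing space of a key built only from a microsecond timestamp and an incrementing session_id, and the other two issue a token from the OS CSPRNG and check it in constant time. The function names, the one-second window and the candidate count are assumptions.

```python
import hashlib
import hmac
import math
import secrets


def time_based_key_bits(window_seconds, session_id_candidates):
    """Upper bound, in bits, on the guessing space of a key derived only from
    a microsecond timestamp and an incrementing session id (assumed model)."""
    microsecond_values = max(1, int(window_seconds * 1_000_000))
    return math.log2(microsecond_values * max(1, session_id_candidates))


def issue_session_token():
    """Return (token for the client, SHA-256 digest to store server-side)."""
    token = secrets.token_urlsafe(32)  # 32 bytes = 256 bits from the OS CSPRNG
    digest = hashlib.sha256(token.encode()).hexdigest()
    return token, digest


def verify_session_token(presented, stored_digest):
    """Compare digests in constant time so the check leaks no prefix match."""
    digest = hashlib.sha256(presented.encode()).hexdigest()
    return hmac.compare_digest(digest, stored_digest)


if __name__ == "__main__":
    # Constructed scenario: login time known to within one second,
    # session id known to within 100 consecutive values.
    weak_bits = time_based_key_bits(1.0, 100)
    print(f"time + counter key: at most {weak_bits:.1f} bits to guess")

    token, stored = issue_session_token()
    print("CSPRNG token: 256 bits, independent of clock and counter")
    print("valid token accepted:", verify_session_token(token, stored))
    print("guessed token accepted:", verify_session_token("guess", stored))
```

Storing only the digest means a leaked session table does not hand out usable tokens.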
Vulnerable Product |
---|
davical andrew's web libraries |
debian debian linux 8.0 |
debian debian linux 9.0 |
debian debian linux 10.0 |