The HTTP Digest Authentication in the GoAhead web server prior to 5.1.2 does not completely protect against replay attacks. This allows an unauthenticated remote malicious user to bypass authentication via capture-replay if TLS is not used to protect the underlying communication channel.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
embedthis goahead |