var-202007-0690
Vulnerability from variot
The HTTP Digest Authentication in the GoAhead web server before 5.1.2 does not completely protect against replay attacks. This allows an unauthenticated remote attacker to bypass authentication via capture-replay if TLS is not used to protect the underlying communication channel. GoAhead for, Capture-replay An authentication bypass vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. GoAhead is the world's most popular, tiny embedded web server. It is compact, secure and simple to use. GoAhead is deployed in hundreds of millions of devices and is ideal for the smallest of embedded devices.A security vulnerability affecting GoAhead versions 2 to 5 has been identified when using Digest authentication over HTTP. GoAhead versions 3 to 5 validated the nonce with a fixed duration of 5 minutes which permitted short-period replays. This duration is too long for most implementations.Tested on: GoAhead-httpGoAhead-Webs. There is a security vulnerability in Embedthis Software GoAhead versions before 5.1.2. An attacker could exploit this vulnerability to bypass authentication
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202007-0690", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "goahead", "scope": "lt", "trust": 1.0, "vendor": "embedthis", "version": "5.1.2" }, { "model": "goahead", "scope": "eq", "trust": 0.8, "vendor": "embedthis", "version": null }, { "model": "goahead", "scope": "eq", "trust": 0.8, "vendor": "embedthis", "version": "5.1.2" }, { "model": "goahead web server", "scope": "lt", "trust": 0.1, "vendor": "embedthis", "version": "\u0026lt;=5.1.1 and \u0026lt;=4.1.2" } ], "sources": [ { "db": "ZSL", "id": "ZSL-2020-5598" }, { "db": "JVNDB", "id": "JVNDB-2020-008671" }, { "db": "NVD", "id": "CVE-2020-15688" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:embedthis:goahead:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "5.1.2", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2020-15688" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "LiquidWorm", "sources": [ { "db": "CNNVD", "id": "CNNVD-202007-1390" } ], "trust": 0.6 }, "cve": "CVE-2020-15688", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "impactScore": 6.4, "integrityImpact": "PARTIAL", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": true, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Medium", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Partial", "baseScore": 6.8, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "CVE-2020-15688", "impactScore": null, "integrityImpact": "Partial", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "id": "VHN-168691", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 2.8, "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "High", "baseScore": 8.8, "baseSeverity": "High", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2020-15688", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "Required", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2020-15688", "trust": 1.8, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-202007-1390", "trust": 0.6, "value": "HIGH" }, { "author": "ZSL", "id": "ZSL-2020-5598", "trust": 0.1, "value": "(3/5)" }, { "author": "VULHUB", "id": "VHN-168691", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "ZSL", "id": "ZSL-2020-5598" }, { "db": "VULHUB", "id": "VHN-168691" }, { "db": "JVNDB", "id": "JVNDB-2020-008671" }, { "db": "NVD", "id": "CVE-2020-15688" }, { "db": "CNNVD", "id": "CNNVD-202007-1390" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "The HTTP Digest Authentication in the GoAhead web server before 5.1.2 does not completely protect against replay attacks. This allows an unauthenticated remote attacker to bypass authentication via capture-replay if TLS is not used to protect the underlying communication channel. GoAhead for, Capture-replay An authentication bypass vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. GoAhead is the world\u0027s most popular, tiny embedded web server. It is compact, secure and simple to use. GoAhead is deployed in hundreds of millions of devices and is ideal for the smallest of embedded devices.A security vulnerability affecting GoAhead versions 2 to 5 has been identified when using Digest authentication over HTTP. GoAhead versions 3 to 5 validated the nonce with a fixed duration of 5 minutes which permitted short-period replays. This duration is too long for most implementations.Tested on: GoAhead-httpGoAhead-Webs. There is a security vulnerability in Embedthis Software GoAhead versions before 5.1.2. An attacker could exploit this vulnerability to bypass authentication", "sources": [ { "db": "NVD", "id": "CVE-2020-15688" }, { "db": "JVNDB", "id": "JVNDB-2020-008671" }, { "db": "ZSL", "id": "ZSL-2020-5598" }, { "db": "VULHUB", "id": "VHN-168691" } ], "trust": 1.8 }, "exploit_availability": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "reference": "https://www.zeroscience.mk/codes/goahead_noncereplay.txt", "trust": 0.1, "type": "poc" } ], "sources": [ { "db": "ZSL", "id": "ZSL-2020-5598" } ] }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2020-15688", "trust": 3.4 }, { "db": "PACKETSTORM", "id": "159505", "trust": 1.8 }, { "db": "JVN", "id": "JVNVU92569237", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2020-008671", "trust": 0.8 }, { "db": "CXSECURITY", "id": "WLB-2020100044", "trust": 0.7 }, { "db": "CNNVD", "id": "CNNVD-202007-1390", "trust": 0.7 }, { "db": "EXPLOIT-DB", "id": "48958", "trust": 0.1 }, { "db": "ZSL", "id": "ZSL-2020-5598", "trust": 0.1 }, { "db": "CNVD", "id": "CNVD-2020-46563", "trust": 0.1 }, { "db": "VULHUB", "id": "VHN-168691", "trust": 0.1 } ], "sources": [ { "db": "ZSL", "id": "ZSL-2020-5598" }, { "db": "VULHUB", "id": "VHN-168691" }, { "db": "JVNDB", "id": "JVNDB-2020-008671" }, { "db": "NVD", "id": "CVE-2020-15688" }, { "db": "CNNVD", "id": "CNNVD-202007-1390" } ] }, "id": "VAR-202007-0690", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-168691" } ], "trust": 0.01 }, "last_update_date": "2023-12-18T11:32:15.779000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Digest\u00a0Nonce\u00a0Handling\u00a0over\u00a0HTTP\u00a0#3", "trust": 0.8, "url": "https://github.com/embedthis/goahead-gpl/issues/3" }, { "title": "Embedthis Software GoAhead Security vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=125067" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2020-008671" }, { "db": "CNNVD", "id": "CNNVD-202007-1390" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-294", "trust": 1.1 }, { "problemtype": "Capture-replay authentication evasion by (CWE-294) [NVD evaluation ]", "trust": 0.8 } ], "sources": [ { "db": "VULHUB", "id": "VHN-168691" }, { "db": "JVNDB", "id": "JVNDB-2020-008671" }, { "db": "NVD", "id": "CVE-2020-15688" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.3, "url": "http://packetstormsecurity.com/files/159505/embedthis-goahead-web-server-5.1.1-digest-authentication-capture-replay-nonce-reuse.html" }, { "trust": 1.8, "url": "https://github.com/embedthis/goahead-gpl/issues/3" }, { "trust": 1.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-15688" }, { "trust": 0.8, "url": "https://jvn.jp/vu/jvnvu92569237/index.html" }, { "trust": 0.7, "url": "https://cxsecurity.com/issue/wlb-2020100044" }, { "trust": 0.1, "url": "https://github.com/embedthis/goahead-gpl/issues/2" }, { "trust": 0.1, "url": "https://github.com/embedthis/appweb-gpl/issues/4" }, { "trust": 0.1, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-15688" }, { "trust": 0.1, "url": "https://www.tenable.com/cve/cve-2020-15688" }, { "trust": 0.1, "url": "https://cert.civis.net/en/index.php?action=alert\u0026amp;param=cve-2020-15688" }, { "trust": 0.1, "url": "https://packetstormsecurity.com/files/159505" }, { "trust": 0.1, "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/185771" }, { "trust": 0.1, "url": "https://www.exploit-db.com/exploits/48958" } ], "sources": [ { "db": "ZSL", "id": "ZSL-2020-5598" }, { "db": "VULHUB", "id": "VHN-168691" }, { "db": "JVNDB", "id": "JVNDB-2020-008671" }, { "db": "NVD", "id": "CVE-2020-15688" }, { "db": "CNNVD", "id": "CNNVD-202007-1390" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "ZSL", "id": "ZSL-2020-5598" }, { "db": "VULHUB", "id": "VHN-168691" }, { "db": "JVNDB", "id": "JVNDB-2020-008671" }, { "db": "NVD", "id": "CVE-2020-15688" }, { "db": "CNNVD", "id": "CNNVD-202007-1390" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2020-10-06T00:00:00", "db": "ZSL", "id": "ZSL-2020-5598" }, { "date": "2020-07-23T00:00:00", "db": "VULHUB", "id": "VHN-168691" }, { "date": "2020-09-18T00:00:00", "db": "JVNDB", "id": "JVNDB-2020-008671" }, { "date": "2020-07-23T13:15:10.257000", "db": "NVD", "id": "CVE-2020-15688" }, { "date": "2020-07-23T00:00:00", "db": "CNNVD", "id": "CNNVD-202007-1390" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2020-11-04T00:00:00", "db": "ZSL", "id": "ZSL-2020-5598" }, { "date": "2023-01-31T00:00:00", "db": "VULHUB", "id": "VHN-168691" }, { "date": "2023-05-11T08:45:00", "db": "JVNDB", "id": "JVNDB-2020-008671" }, { "date": "2023-01-31T17:25:42.877000", "db": "NVD", "id": "CVE-2020-15688" }, { "date": "2020-10-10T00:00:00", "db": "CNNVD", "id": "CNNVD-202007-1390" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-202007-1390" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "GoAhead\u00a0 In \u00a0Capture-replay\u00a0 Authentication Bypass Vulnerability", "sources": [ { "db": "JVNDB", "id": "JVNDB-2020-008671" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "other", "sources": [ { "db": "CNNVD", "id": "CNNVD-202007-1390" } ], "trust": 0.6 } }
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.