CVE-2020-15688

Name of the Vulnerable Software and Affected Versions GoAhead web server versions prior to 5.1.2

Description The issue concerns the HTTP Digest Authentication in the GoAhead web server, which does not fully protect against replay attacks. This allows an unauthenticated remote attacker to bypass authentication through capture-replay if the communication channel is not protected by TLS.

Recommendations For versions prior to 5.1.2, update to version 5.1.2 or later to resolve the issue. As a temporary workaround, consider using TLS to protect the underlying communication channel and prevent replay attacks. Restrict access to sensitive areas of the web server to minimize the risk of exploitation until the update is applied.