PT-2020-3628 · Davical+2 · Davical Andrew's Web Libraries+2
Andrew Bartlett · Published 2020-04-15 · Updated 2020-09-28 · CVE-2020-11728

| CVSS v2.0 | 7.8 (High) |
| Vector | AV:N/AC:L/Au:N/C:C/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
DAViCal Andrew's Web Libraries (AWL) versions through 0.60
Description
DAViCal Andrew's Web Libraries (AWL) through 0.60 builds its session key from two values an attacker can predict: the microsecond timestamp at which the session was created and an incrementing session id. Hashing or encoding those values does not add entropy, so the resulting key is no harder to guess than its inputs. An attacker who can narrow down when a victim logged in and roughly what the session counter was at that moment can enumerate the remaining candidates, reproduce the victim's session key and impersonate that session. The attack is remote and needs no authentication; the CVSS vector above scores it as a complete loss of confidentiality (the attacker reads whatever the hijacked session can read) with no direct integrity or availability impact.
Recommendations
For versions through 0.60, harden session management rather than relying on the key alone: generate session keys from a cryptographically secure random source with at least 128 bits of entropy, independent of timestamps and counters; compare presented keys in constant time; and rate-limit or temporarily block clients that present many invalid session keys, since this is a guessing attack and each rejected guess is an observable failed request that should also be alerted on.
At the time this entry was last updated, no release containing a fix is recorded here. Check the upstream AWL changelog and your distribution's security tracker (Ubuntu and Linux Mint are listed below as affected) before concluding that a deployed version is unpatched or patched.
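The following is an added example, not AWL's own code: it models the weak construction described above (a key derived only from an incrementing session id and a microsecond timestamp), shows how small the attacker's search space is, recovers a constructed victim key by enumeration, and then shows the hardened form recommended above (CSPRNG key plus constant-time comparison). Python is used for portability; the hash, the timestamp, the session id and the attacker's windows are all assumed values chosen for illustration.

```python
import hashlib
import hmac
import math
import secrets

# Illustration of the weakness, not AWL's code: a session key that depends
# only on an incrementing session_id and a microsecond timestamp. The hash
# adds no entropy; the key is exactly as guessable as its two inputs.
def weak_session_key(session_id: int, microtime_us: int) -> str:
    material = f"{session_id}:{microtime_us}".encode()
    return hashlib.md5(material).hexdigest()


def search_space_bits(id_window: int, usec_window: int) -> float:
    """Work an attacker must do, in bits, if the session_id is known to
    within id_window values and the login time to within usec_window
    microseconds. Hashing cannot raise this above log2(number of inputs)."""
    return math.log2(id_window * usec_window)


def recover_weak_key(target_key: str, id_range, usec_range):
    """Enumerate (session_id, microtime) pairs until one reproduces
    target_key. Returns the recovered pair, or None if it lay outside
    the windows the attacker guessed."""
    for sid in id_range:
        for t in usec_range:
            if hmac.compare_digest(weak_session_key(sid, t), target_key):
                return sid, t
    return None


# Hardened variant: key material from the OS CSPRNG, independent of time
# and of any counter. 32 bytes = 256 bits, beyond any feasible enumeration.
def strong_session_key(nbytes: int = 32) -> str:
    return secrets.token_hex(nbytes)


def key_matches(presented: str, stored: str) -> bool:
    # Constant-time comparison so the check itself does not leak key bytes.
    return hmac.compare_digest(presented, stored)


# Constructed scenario (assumed values): the victim's session was created
# at this microsecond timestamp with this session_id. The attacker knows
# the login happened within a 2 ms window and the counter within 6 values.
VICTIM_SESSION_ID = 1042
VICTIM_MICROTIME_US = 1586908800123456  # 2020-04-15 00:00:00.123456 UTC


def demo():
    """Recover the constructed victim key by brute force; returns the
    (session_id, microtime_us) pair that reproduces it."""
    victim_key = weak_session_key(VICTIM_SESSION_ID, VICTIM_MICROTIME_US)
    return recover_weak_key(
        victim_key,
        range(1040, 1046),
        range(VICTIM_MICROTIME_US - 1000, VICTIM_MICROTIME_US + 1000),
    )


if __name__ == "__main__":
    # Even a loose guess (100 ids x 1 s) leaves only ~26.6 bits to search.
    print("bits to search (100 ids x 1 s):",
          round(search_space_bits(100, 1_000_000), 1))
    print("recovered (session_id, microtime_us):", demo())
    k = strong_session_key()
    print("strong key:", k, "self-check:", key_matches(k, k))
```

The point of `search_space_bits` is that widening the attacker's uncertainty barely helps: an hour of uncertainty and a thousand possible ids is still only about 42 bits, which is an offline enumeration problem rather than a secret. Only `strong_session_key` removes the attacker's ability to enumerate at all, and `key_matches` keeps the validation step from leaking partial matches through timing.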
Weakness Enumeration
Session Fixation (this entry's category; note that the flaw described is a predictable, attacker-guessable session key rather than an attacker-supplied one)
Related Identifiers
CVE-2020-11728
Affected Products
DAViCal Andrew's Web Libraries (AWL)
Linux Mint
Ubuntu