ID

VAR-202007-0690


CVE

CVE-2020-15688


TITLE

GoAhead  In  Capture-replay  Authentication Bypass Vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2020-008671

DESCRIPTION

The HTTP Digest Authentication in the GoAhead web server before 5.1.2 does not completely protect against replay attacks. This allows an unauthenticated remote attacker to bypass authentication via capture-replay if TLS is not used to protect the underlying communication channel. GoAhead for, Capture-replay An authentication bypass vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. GoAhead is the world's most popular, tiny embedded web server. It is compact, secure and simple to use. GoAhead is deployed in hundreds of millions of devices and is ideal for the smallest of embedded devices.A security vulnerability affecting GoAhead versions 2 to 5 has been identified when using Digest authentication over HTTP. GoAhead versions 3 to 5 validated the nonce with a fixed duration of 5 minutes which permitted short-period replays. This duration is too long for most implementations.Tested on: GoAhead-httpGoAhead-Webs. There is a security vulnerability in Embedthis Software GoAhead versions before 5.1.2. An attacker could exploit this vulnerability to bypass authentication

Trust: 1.8

sources: NVD: CVE-2020-15688 // JVNDB: JVNDB-2020-008671 // ZSL: ZSL-2020-5598 // VULHUB: VHN-168691

AFFECTED PRODUCTS

vendor:embedthismodel:goaheadscope:ltversion:5.1.2

Trust: 1.0

vendor:embedthismodel:goaheadscope:eqversion: -

Trust: 0.8

vendor:embedthismodel:goaheadscope:eqversion:5.1.2

Trust: 0.8

vendor:embedthismodel:goahead web serverscope:ltversion:<=5.1.1 and <=4.1.2

Trust: 0.1

sources: ZSL: ZSL-2020-5598 // JVNDB: JVNDB-2020-008671 // NVD: CVE-2020-15688

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-15688
value: HIGH

Trust: 1.0

NVD: CVE-2020-15688
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202007-1390
value: HIGH

Trust: 0.6

ZSL: ZSL-2020-5598
value: (3/5)

Trust: 0.1

VULHUB: VHN-168691
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2020-15688
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-168691
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2020-15688
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2020-15688
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: ZSL: ZSL-2020-5598 // VULHUB: VHN-168691 // JVNDB: JVNDB-2020-008671 // CNNVD: CNNVD-202007-1390 // NVD: CVE-2020-15688

PROBLEMTYPE DATA

problemtype:CWE-294

Trust: 1.1

problemtype:Capture-replay authentication evasion by (CWE-294) [NVD evaluation ]

Trust: 0.8

sources: VULHUB: VHN-168691 // JVNDB: JVNDB-2020-008671 // NVD: CVE-2020-15688

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202007-1390

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202007-1390

EXPLOIT AVAILABILITY

sources: ZSL: ZSL-2020-5598

PATCH

title:Digest Nonce Handling over HTTP #3url:https://github.com/embedthis/goahead-gpl/issues/3

Trust: 0.8

title:Embedthis Software GoAhead Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=125067

Trust: 0.6

sources: JVNDB: JVNDB-2020-008671 // CNNVD: CNNVD-202007-1390

EXTERNAL IDS

db:NVDid:CVE-2020-15688

Trust: 3.4

db:PACKETSTORMid:159505

Trust: 1.8

db:JVNid:JVNVU92569237

Trust: 0.8

db:JVNDBid:JVNDB-2020-008671

Trust: 0.8

db:CXSECURITYid:WLB-2020100044

Trust: 0.7

db:CNNVDid:CNNVD-202007-1390

Trust: 0.7

db:EXPLOIT-DBid:48958

Trust: 0.1

db:ZSLid:ZSL-2020-5598

Trust: 0.1

db:CNVDid:CNVD-2020-46563

Trust: 0.1

db:VULHUBid:VHN-168691

Trust: 0.1

sources: ZSL: ZSL-2020-5598 // VULHUB: VHN-168691 // JVNDB: JVNDB-2020-008671 // CNNVD: CNNVD-202007-1390 // NVD: CVE-2020-15688

REFERENCES

url:http://packetstormsecurity.com/files/159505/embedthis-goahead-web-server-5.1.1-digest-authentication-capture-replay-nonce-reuse.html

Trust: 2.3

url:https://github.com/embedthis/goahead-gpl/issues/3

Trust: 1.8

url:https://nvd.nist.gov/vuln/detail/cve-2020-15688

Trust: 1.5

url:https://jvn.jp/vu/jvnvu92569237/index.html

Trust: 0.8

url:https://cxsecurity.com/issue/wlb-2020100044

Trust: 0.7

url:https://github.com/embedthis/goahead-gpl/issues/2

Trust: 0.1

url:https://github.com/embedthis/appweb-gpl/issues/4

Trust: 0.1

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-15688

Trust: 0.1

url:https://www.tenable.com/cve/cve-2020-15688

Trust: 0.1

url:https://cert.civis.net/en/index.php?action=alert&param=cve-2020-15688

Trust: 0.1

url:https://packetstormsecurity.com/files/159505

Trust: 0.1

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/185771

Trust: 0.1

url:https://www.exploit-db.com/exploits/48958

Trust: 0.1

sources: ZSL: ZSL-2020-5598 // VULHUB: VHN-168691 // JVNDB: JVNDB-2020-008671 // CNNVD: CNNVD-202007-1390 // NVD: CVE-2020-15688

CREDITS

LiquidWorm

Trust: 0.6

sources: CNNVD: CNNVD-202007-1390

SOURCES

db:ZSLid:ZSL-2020-5598
db:VULHUBid:VHN-168691
db:JVNDBid:JVNDB-2020-008671
db:CNNVDid:CNNVD-202007-1390
db:NVDid:CVE-2020-15688

LAST UPDATE DATE

2024-11-23T21:22:23.777000+00:00


SOURCES UPDATE DATE

db:ZSLid:ZSL-2020-5598date:2020-11-04T00:00:00
db:VULHUBid:VHN-168691date:2023-01-31T00:00:00
db:JVNDBid:JVNDB-2020-008671date:2023-05-11T08:45:00
db:CNNVDid:CNNVD-202007-1390date:2020-10-10T00:00:00
db:NVDid:CVE-2020-15688date:2024-11-21T05:06:01.080

SOURCES RELEASE DATE

db:ZSLid:ZSL-2020-5598date:2020-10-06T00:00:00
db:VULHUBid:VHN-168691date:2020-07-23T00:00:00
db:JVNDBid:JVNDB-2020-008671date:2020-09-18T00:00:00
db:CNNVDid:CNNVD-202007-1390date:2020-07-23T00:00:00
db:NVDid:CVE-2020-15688date:2020-07-23T13:15:10.257