High severity7.5NVD Advisory· Published Apr 15, 2020· Updated Jun 17, 2026
CVE-2020-11728
CVE-2020-11728
Description
An issue was discovered in DAViCal Andrew's Web Libraries (AWL) through 0.60. Session management does not use a sufficiently hard-to-guess session key. Anyone who can guess the microsecond time (and the incrementing session_id) can impersonate a session.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- DAViCal/Andrew's Web Libraries (AWL)description
Patches
Vulnerability mechanics
References
5- bugs.debian.org/cgi-bin/bugreport.cginvdMailing ListThird Party Advisory
- gitlab.com/davical-project/awl/-/issues/19nvdIssue TrackingThird Party Advisory
- lists.debian.org/debian-lts-announce/2020/04/msg00011.htmlnvdMailing ListThird Party Advisory
- www.debian.org/security/2020/dsa-4660nvdThird Party Advisory
- usn.ubuntu.com/4539-1/nvd
News mentions
0No linked articles in our index yet.