Unrated severity · NVD Advisory · Published Aug 8, 2022 · Updated Aug 4, 2024
CVE-2021-41615
Description
websda.c in GoAhead WebServer 2.1.8 has insufficient nonce entropy because the nonce calculation relies on the hardcoded onceuponatimeinparadise value, which does not follow the secret-data guideline for HTTP Digest Access Authentication in RFC 7616 section 3.3 (or RFC 2617 section 3.2.1). NOTE: 2.1.8 is a version from 2003; however, the affected websda.c code appears in multiple derivative works that may be used in 2021. Recent GoAhead software is unaffected.
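An added example, not code from GoAhead or from this advisory: the nonce construction that RFC 7616 section 3.3 gives as an example, issued once with the hardcoded constant as secret-data and once with a per-instance random secret, plus server-side validation. The class and function names, SHA-256 as H, and the sample timestamp and ETag are assumptions; the exact input layout used by websda.c is not reproduced.

```python
import base64
import hashlib
import hmac
import secrets

# The constant named in the advisory. It is public, so it cannot act as secret-data.
HARDCODED = b"onceuponatimeinparadise"


class NonceIssuer:
    """RFC 7616 s3.3 example: base64(time-stamp H(time-stamp ":" ETag ":" secret-data))."""

    def __init__(self, secret_data=None, max_age=300):
        # Hardened default: 32 random bytes generated per server instance.
        self.secret = secret_data if secret_data is not None else secrets.token_bytes(32)
        self.max_age = max_age  # seconds a nonce stays acceptable

    def _digest(self, ts, etag):
        # H is SHA-256 here (assumption); only the secret-data differs between modes.
        msg = ts.encode() + b":" + etag.encode() + b":" + self.secret
        return hashlib.sha256(msg).hexdigest()

    def issue(self, now, etag):
        ts = str(int(now))
        return base64.b64encode(f"{ts} {self._digest(ts, etag)}".encode()).decode()

    def verify(self, nonce, now, etag):
        """Accept only nonces this instance issued, for this ETag, within max_age."""
        try:
            ts, digest = base64.b64decode(nonce, validate=True).decode("ascii").split(" ")
            age = int(now) - int(ts)
        except ValueError:  # bad base64, non-ASCII bytes, wrong field count, bad timestamp
            return False
        fresh = 0 <= age <= self.max_age
        return fresh and hmac.compare_digest(digest, self._digest(ts, etag))


def reproducible_without_server(issuer_factory, now=1_700_000_000, etag='"v1"'):
    """True if a second, unrelated instance derives the same nonce from public inputs."""
    return issuer_factory().issue(now, etag) == issuer_factory().issue(now, etag)
```

With `secret_data=HARDCODED` every deployment derives the same nonce from the same timestamp and ETag, so the value carries no server-private entropy; with the default random secret it does not, and `verify` rejects stale, foreign or malformed nonces.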
Affected products
- (no CPE)
- (no CPE), range: = 2.1.8
Patches
Vulnerability mechanics
References
- devel.rtems.org/browser/rtems/cpukit/httpd/websda.c (mitre, x_refsource_MISC)
- github.com/trenta3/goahead-versions/blob/master/2.1.8/230165webs218.tar.gz (mitre, x_refsource_MISC)