CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2020-11728
https://notcve.org/view.php?id=CVE-2020-11728
An issue was discovered in DAViCal Andrew's Web Libraries (AWL) through 0.60. Session management does not use a sufficiently hard-to-guess session key. Anyone who can guess the microsecond time (and the incrementing session_id) can impersonate a session. Se descubrió un problema en DAViCal Andrew's Web Libraries (AWL) versiones hasta el 0,60. La administración de sesiones no usa una clave de sesión lo suficientemente difícil de adivinar. • https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=956650 https://gitlab.com/davical-project/awl/-/issues/19 https://lists.debian.org/debian-lts-announce/2020/04/msg00011.html https://usn.ubuntu.com/4539-1 https://www.debian.org/security/2020/dsa-4660 • CWE-384: Session Fixation •
CVSS: 9.8EPSS: 0%CPEs: 3EXPL: 1CVE-2020-11729
https://notcve.org/view.php?id=CVE-2020-11729
An issue was discovered in DAViCal Andrew's Web Libraries (AWL) through 0.60. Long-term session cookies, uses to provide long-term session continuity, are not generated securely, enabling a brute-force attack that may be successful. Se descubrió un problema en DAViCal Andrew's Web Libraries (AWL) versiones hasta la versión 0,60. Las cookies de sesión long-term, usadas para proveer una continuidad de sesión a largo plazo, no son generadas de manera segura, permitiendo un ataque de fuerza bruta que puede tener éxito. • https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=956650 https://gitlab.com/davical-project/awl/-/issues/18 https://lists.debian.org/debian-lts-announce/2020/04/msg00011.html https://www.debian.org/security/2020/dsa-4660 • CWE-384: Session Fixation •