Insecure Generation of Long-Term Session Cookies in DAViCal Andrew's Web Libraries (AWL)

Insecure Generation of Long-Term Session Cookies in DAViCal Andrew's Web Libraries (AWL)

CVE-2020-11729 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

An issue was discovered in DAViCal Andrew's Web Libraries (AWL) through 0.60. Long-term session cookies, uses to provide long-term session continuity, are not generated securely, enabling a brute-force attack that may be successful.

Learn more about our Web App Pen Testing.