The HTTP Authentication implementation in Geo++ GNCASTER 1.4.0.7 and earlier uses the same nonce for all authentication, which allows remote attackers to hijack web sessions or bypass authentication via a replay attack.
CPE | Name | Operator | Version |
---|---|---|---|
geo\\+\\+_gncaster | eq | 1.4.0.0 | |
geo\\+\\+_gncaster | le | 1.4.0.7 |