live-server
critical vulnerability for Replay Attack
Hi, currently live-server is using http-auth version 3.1.3. A high vulnerability is detected for this http-auth version on Veracode.
Replay Attack
http-auth is vulnerable to a replay attack. The vulnerability exists because it does not properly invalidate expired nonces in validateNonce, which allows a replay attack when the client specifies a large nonceCount value.
The latest version of http-auth is 4.1.2.
Can someone please help with upgrading the version so this issue is fixed?
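
The nonce handling the finding above calls for, as an added example that is not part of the original post and is not http-auth's or live-server's code: a Digest auth nonce store that checks expiry before looking at the nonce count and rejects any count it has already seen. `NonceStore`, its methods and `demo` are hypothetical names, and the scenario uses a constructed fake clock.

```javascript
// Added example: server-side tracking of Digest auth nonces.
// NonceStore and its method names are hypothetical, not http-auth's API.
const crypto = require("crypto");

class NonceStore {
  constructor(ttlMs = 60000, now = () => Date.now()) {
    this.ttlMs = ttlMs;
    this.now = now;            // injectable clock, used by demo() below
    this.nonces = new Map();   // nonce -> { issuedAt, lastNc }
  }

  issue() {
    const nonce = crypto.randomBytes(16).toString("hex");
    this.nonces.set(nonce, { issuedAt: this.now(), lastNc: 0 });
    return nonce;
  }

  // ncHex is the client's "nc" field: 8 hex digits.
  validate(nonce, ncHex) {
    const entry = this.nonces.get(nonce);
    if (!entry) return "unknown";
    // Expiry is checked first and unconditionally, so no nc value,
    // however large, can keep a stale nonce usable.
    if (this.now() - entry.issuedAt > this.ttlMs) {
      this.nonces.delete(nonce);
      return "expired";
    }
    if (typeof ncHex !== "string" || !/^[0-9a-fA-F]{8}$/.test(ncHex)) {
      return "malformed";
    }
    const nc = parseInt(ncHex, 16);
    // A captured request carries an nc the server has already accepted.
    if (nc <= entry.lastNc) return "replayed";
    entry.lastNc = nc;
    return "ok";
  }
}

// Constructed scenario driven by a fake clock (t is in milliseconds).
function demo() {
  let t = 0;
  const store = new NonceStore(1000, () => t);
  const n = store.issue();
  const results = [store.validate(n, "00000001")]; // first use
  results.push(store.validate(n, "00000001"));     // same request replayed
  results.push(store.validate(n, "00000002"));     // next legitimate request
  t = 5000;                                        // nonce is past its TTL
  results.push(store.validate(n, "ffffffff"));     // large nc on a stale nonce
  results.push(store.validate(n, "00000003"));     // entry was already removed
  return results;
}
```
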
I have forked live-server and removed http-auth.
Downside: htpasswd does not work yet. Everything else works great!