
critical vulnerability for Replay Attack

Open PinalSa opened this issue 3 years ago • 1 comments

Hi, live-server is currently using http-auth version 3.1.3. A high vulnerability is detected for this http-auth version on Veracode.

Replay Attack: http-auth is vulnerable to a replay attack. The vulnerability exists because it does not properly invalidate expired nonces in validateNonce, which allows the replay attack when the client specifies a large nonceCount value.

The latest version of http-auth is 4.1.2.

Can someone please help with upgrading the version so this issue is fixed?

PinalSa, Jan 27 '21 14:01
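
The check the report above describes, as an added example that is not http-auth's code and not part of the original issue: a server-side nonce store for HTTP Digest authentication that rejects an expired nonce before it looks at the nonce count, and requires the count to increase on every request. `NonceStore`, its method names, the result strings and the TTL values are assumptions made for this example.

```javascript
const { randomBytes } = require('crypto');

// Constructed example: server-side nonce tracking for HTTP Digest auth.
class NonceStore {
  constructor(ttlMs = 60000, now = () => Date.now()) {
    this.ttlMs = ttlMs;
    this.now = now;            // injectable clock so expiry can be exercised
    this.nonces = new Map();   // nonce -> { issuedAt, lastNc }
  }

  issue() {
    const nonce = randomBytes(16).toString('hex');
    this.nonces.set(nonce, { issuedAt: this.now(), lastNc: 0 });
    return nonce;
  }

  // nc is the 8-hex-digit nonce count string from the Authorization header.
  validate(nonce, nc) {
    const entry = this.nonces.get(nonce);
    if (!entry) return 'unknown';
    // Expiry is checked first and independently of nc, so no nc value
    // can keep a stale nonce alive.
    if (this.now() - entry.issuedAt > this.ttlMs) {
      this.nonces.delete(nonce);
      return 'expired';
    }
    if (!/^[0-9a-f]{8}$/i.test(nc)) return 'malformed';
    const count = parseInt(nc, 16);
    // A captured request carries an nc the server has already accepted.
    if (count <= entry.lastNc) return 'replayed';
    entry.lastNc = count;
    return 'ok';
  }
}

// Walk one nonce through its lifetime using a fake clock (constructed input).
function demo() {
  let t = 0;
  const store = new NonceStore(1000, () => t);
  const nonce = store.issue();
  const results = [];
  results.push(store.validate(nonce, '00000001')); // first use
  results.push(store.validate(nonce, '00000001')); // same request sent again
  results.push(store.validate(nonce, '00000002')); // next legitimate request
  t = 5000;                                        // now past the TTL
  results.push(store.validate(nonce, 'ffffffff')); // large nc on a stale nonce
  results.push(store.validate(nonce, '00000003')); // nonce has been forgotten
  return results;
}
console.log(demo());
```
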

I have forked live-server and removed http-auth.

Downside: htpasswd does not work yet. Everything else works great!

yandeu, Mar 20 '21 12:03