Hi, currently live-server using http-auth version 3.1.3. It is detected high vulnerability for http-auth version on veracode.
Replay Attack
http-auth is vulnerable to replay attack. The vulnerability exists because it is not properly invalidate expired Nonce in validateNonce and allows the replay attack when the client specifies a large nonceCount value.
Latest version for http-auth is 4.1.2.
Can someone please help with upgrading version so this issue is fixed.
Hi, currently live-server using http-auth version 3.1.3. It is detected high vulnerability for http-auth version on veracode.
Replay Attack http-auth is vulnerable to replay attack. The vulnerability exists because it is not properly invalidate expired Nonce in
validateNonce
and allows the replay attack when the client specifies a largenonceCount
value.Latest version for http-auth is 4.1.2.
Can someone please help with upgrading version so this issue is fixed.