Vulnerability: Appweb - Authentication Bypass

The Embedthis HTTP library, and Appweb versions before 7.0.3, have a logic flaw related to the authCondition function in http/httpLib.c. With a forged HTTP request, it is possible to bypass authentication for the form and digest login types.

Impact

Successful exploitation of this vulnerability could allow an attacker to bypass authentication and gain unauthorized access to the application.

Severity

High

Verified

Unknown