Vulnerability CVE-2021-27935


Published: 2021-03-03

Description:
An issue was discovered in AdGuard before 0.105.2. An attacker able to get the user's cookie is able to bruteforce their password offline, because the hash of the password is stored in the cookie.

Type:

CWE-307

(Improper Restriction of Excessive Authentication Attempts)

CVSS2 => (AV:N/AC:L/Au:N/C:P/I:N/A:N)

CVSS Base Score
Impact Subscore
Exploitability Subscore
5/10
2.9/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
None
None
Affected software
Adguard -> Adguard home 

 References:
https://github.com/AdguardTeam/AdGuardHome/issues/2470

Copyright 2021, cxsecurity.com

 

Back to Top