exploitDog

GHSA-75vm-hh32-424x

Опубликовано: 24 мая 2022

Источник: github

Github: Не прошло ревью

CVSS3: 7.5

Описание

An issue was discovered in AdGuard before 0.105.2. An attacker able to get the user's cookie is able to bruteforce their password offline, because the hash of the password is stored in the cookie.

An issue was discovered in AdGuard before 0.105.2. An attacker able to get the user's cookie is able to bruteforce their password offline, because the hash of the password is stored in the cookie.

Ссылки

EPSS

Процентиль: 55%

0.00324

Низкий

7.5 High

CVSS3

CVE ID

Дефекты

CWE-307

Связанные уязвимости

CVE-2021-27935

CVSS3: 7.5

nvd

почти 5 лет назад

An issue was discovered in AdGuard before 0.105.2. An attacker able to get the user's cookie is able to bruteforce their password offline, because the hash of the password is stored in the cookie.

EPSS

Процентиль: 55%

0.00324

Низкий

7.5 High

CVSS3

CVE ID

Дефекты

CWE-307