Описание
An issue was discovered in AdGuard before 0.105.2. An attacker able to get the user's cookie is able to bruteforce their password offline, because the hash of the password is stored in the cookie.
Ссылки
- Issue TrackingPatchThird Party Advisory
- Issue TrackingPatchThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 0.105.2 (исключая)
cpe:2.3:a:adguard:adguard_home:*:*:*:*:*:*:*:*
EPSS
Процентиль: 55%
0.00324
Низкий
7.5 High
CVSS3
5 Medium
CVSS2
Дефекты
CWE-522
Связанные уязвимости
CVSS3: 7.5
github
больше 3 лет назад
An issue was discovered in AdGuard before 0.105.2. An attacker able to get the user's cookie is able to bruteforce their password offline, because the hash of the password is stored in the cookie.
EPSS
Процентиль: 55%
0.00324
Низкий
7.5 High
CVSS3
5 Medium
CVSS2
Дефекты
CWE-522