An issue was discovered in AdGuard before 0.105.2. An attacker able to get the user's cookie is able to bruteforce their password offline, because the hash of the password is stored in the cookie.
References
Link | Resource |
---|---|
https://github.com/AdguardTeam/AdGuardHome/issues/2470 | Issue Tracking Patch Third Party Advisory |
https://github.com/AdguardTeam/AdGuardHome/issues/2470 | Issue Tracking Patch Third Party Advisory |
Configurations
History
21 Nov 2024, 05:58
Type | Values Removed | Values Added |
---|---|---|
References | () https://github.com/AdguardTeam/AdGuardHome/issues/2470 - Issue Tracking, Patch, Third Party Advisory |
12 Jul 2022, 17:42
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-522 |
Information
Published : 2021-03-03 20:15
Updated : 2024-11-21 05:58
NVD link : CVE-2021-27935
Mitre link : CVE-2021-27935
CVE.ORG link : CVE-2021-27935
JSON object : View
Products Affected
adguard
- adguard_home
CWE
CWE-522
Insufficiently Protected Credentials