An issue was discovered in AdGuard before 0.105.2. An attacker able to get the user's cookie is able to bruteforce their password offline, because the hash of the password is stored in the cookie.
References
Link | Resource |
---|---|
https://github.com/AdguardTeam/AdGuardHome/issues/2470 | Issue Tracking Patch Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2021-03-03T19:37:13
Updated: 2021-03-03T19:37:13
Reserved: 2021-03-03T00:00:00
Link: CVE-2021-27935
JSON object: View
NVD Information
Status : Analyzed
Published: 2021-03-03T20:15:12.437
Modified: 2022-07-12T17:42:04.277
Link: CVE-2021-27935
JSON object: View
Redhat Information
No data.
CWE