CVE-2021-21400
HIGH
wire-webapp < 2021-03-15-production.0 - Unauthenticated Exposure of Sensitive Information via App-Lock Passphrase Input
Title source: llmDescription
wire-webapp is an open-source front end for Wire, a secure collaboration platform. In wire-webapp before version 2021-03-15-production.0, when the user is prompted to enter the app-lock passphrase and does not actively give focus to the input field, the typed passphrase is sent into the most recently used chat. Input element focus is enforced programmatically in version 2021-03-15-production.0.
References (4)
Core References
Third Party Advisory x_refsource_confirm
https://github.com/wireapp/wire-webapp/security/advisories/GHSA-cxwr-f2j3-q8hp
Patch, Third Party Advisory x_refsource_misc
https://github.com/wireapp/wire-webapp/pull/10704
Release Notes, Third Party Advisory x_refsource_misc
https://github.com/wireapp/wire-webapp/releases/tag/2021-03-15-production.0
Patch, Third Party Advisory x_refsource_misc
https://github.com/wireapp/wire-webapp/commit/281f2a9d795f68abe423c116d5da4e1e73a60062
Scores
CVSS v3
7.1
EPSS
0.0112
EPSS Percentile
62.0%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N
Details
CWE
CWE-200
Status
published
Products (43)
wire/wire-webapp
2019-02-11 staging0 (3 CPE variants)
wire/wire-webapp
2019-02-13 staging0
wire/wire-webapp
2019-02-18 staging0
wire/wire-webapp
2019-02-27 staging0
wire/wire-webapp
2019-02-28 staging0 (2 CPE variants)
wire/wire-webapp
2019-03-05 staging0
wire/wire-webapp
2019-03-07 staging0
wire/wire-webapp
2019-03-11 staging0
wire/wire-webapp
2019-03-13 staging0 (2 CPE variants)
wire/wire-webapp
2019-03-20 staging0
... and 33 more
Published
Apr 02, 2021
Tracked Since
Feb 18, 2026