CVE-2021-27935

HIGH

AdGuard <0.105.2 - Info Disclosure

Title source: llm

Description

An issue was discovered in AdGuard before 0.105.2. An attacker able to get the user's cookie is able to bruteforce their password offline, because the hash of the password is stored in the cookie.

References (1)

[Issue Tracking, Patch, Third Party Advisory] https://github.com/AdguardTeam/AdGuardHome/issues/2470

Scores

CVSS v3 7.5

EPSS 0.0032

EPSS Percentile 55.0%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Classification

CWE

CWE-522

Status published

Affected Products (1)

adguard/adguard_home < 0.105.2

Timeline

Published Mar 03, 2021

Tracked Since Feb 18, 2026