CVE-2021-27935
HIGHAdGuard Home < 0.105.2 - Insufficiently Protected Credentials via Password Hash in Cookie
Title source: llmDescription
An issue was discovered in AdGuard before 0.105.2. An attacker able to get the user's cookie is able to bruteforce their password offline, because the hash of the password is stored in the cookie.
References (1)
Core 1
Core References
Issue Tracking, Patch, Third Party Advisory x_refsource_misc
https://github.com/AdguardTeam/AdGuardHome/issues/2470
Scores
CVSS v3
7.5
EPSS
0.0412
EPSS Percentile
89.5%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-522
Status
published
Products (1)
adguard/adguard_home
< 0.105.2
Published
Mar 03, 2021
Tracked Since
Feb 18, 2026