CVE-2021-27935

An issue was discovered in AdGuard before 0.105.2. An attacker able to get the user's cookie is able to bruteforce their password offline, because the hash of the password is stored in the cookie.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 54%
VendorProductVersion
adguardadguard_home
𝑥
< 0.105.2
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://github.com/AdguardTeam/AdGuardHome/issues/2470
https://github.com/AdguardTeam/AdGuardHome/issues/2470