Lucene search
MitreCVELIST:CVE-2021-46440HistoryMay 03, 2022 - 5:03 p.m.
CVE-2021-46440
2022-05-0317:03:51
mitre
www.cve.org
0.008 Low
EPSS
Percentile
81.4%
Storing passwords in a recoverable format in the DOCUMENTATION plugin component of Strapi before 3.6.9 and 4.x before 4.1.5 allows an attacker to access a victim’s HTTP request, get the victim’s cookie, perform a base64 decode on the victim’s cookie, and obtain a cleartext password, leading to getting API documentation for further API attacks.
Related
zdt
zdt
Strapi 3.6.8 Password Disclosure / Insecure Handling Vulnerabilities
2022-05-03 00:00:00
osv
osv
CVE-2021-46440
2022-05-03 18:15:08
Insecure password handling vulnerability in Strapi
2022-05-04 00:00:22
cve
cve
CVE-2021-46440
2022-05-03 18:15:08
prion
prion
Format string
2022-05-03 18:15:00
packetstorm
packetstorm
Strapi 3.6.8 Password Disclosure / Insecure Handling
2022-05-02 00:00:00
nvd
nvd
CVE-2021-46440
2022-05-03 18:15:08
github
github
Insecure password handling vulnerability in Strapi
2022-05-04 00:00:22