Lucene search
Debian Security Bug TrackerDEBIANCVE:CVE-2021-42949HistorySep 16, 2022 - 3:15 p.m.
CVE-2021-42949
2022-09-1615:15:09
Debian Security Bug Tracker
security-tracker.debian.org
17
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
0.003 Low
EPSS
Percentile
68.7%
The component controlla_login function in HotelDruid Hotel Management Software v3.0.3 generates a predictable session token, allowing attackers to bypass authentication via bruteforce attacks.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Debian | 12 | all | hoteldruid | < 3.0.4-1 | hoteldruid_3.0.4-1_all.deb |
| Debian | 11 | all | hoteldruid | <= 3.0.1-1 | hoteldruid_3.0.1-1_all.deb |
| Debian | 10 | all | hoteldruid | <= 2.3.2-1 | hoteldruid_2.3.2-1_all.deb |
| Debian | 999 | all | hoteldruid | < 3.0.4-1 | hoteldruid_3.0.4-1_all.deb |
| Debian | 13 | all | hoteldruid | < 3.0.4-1 | hoteldruid_3.0.4-1_all.deb |
Related
veracode
veracode
Insecure Token
2022-04-27 13:56:02
cvelist
cvelist
CVE-2021-42949
2022-09-16 14:45:36
cve
cve
CVE-2021-42949
2022-09-16 15:15:09
nvd
nvd
CVE-2021-42949
2022-09-16 15:15:09
ubuntucve
ubuntucve
CVE-2021-42949
2022-09-16 00:00:00
githubexploit
githubexploit
Exploit for CVE-2021-42949
2022-02-19 21:02:42
prion
prion
Authentication flaw
2022-09-16 15:15:00
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
0.003 Low
EPSS
Percentile
68.7%
Related for DEBIANCVE:CVE-2021-42949